Usage control in computer security: A survey

Protecting access to digital resources is one of the fundamental problems recognized in computer security. As yet it remains a challenging problem to work out, starting from the design of a system until its implementation. Access control is defined as the ability to permit or deny access to a particular resource (object) by a particular entity (subject). Three most widely used traditional access control models are: Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC). Traditional access control solutions do not respond adequately to new challenges addressed by modern computer systems. Today highly distributed, network-connected, heterogeneous and open computing environment requires a fine-grained, flexible, persistent and continuous model for protecting the access and usage of digital resources. This paper surveys the literature on Usage Control (UCON) model proposed by Park and Sandhu (2002) [1], Park (2003) [2] and Zhang (2006) [3]. Usage control is a novel and promising approach for access control in open, distributed, heterogeneous and network-connected computer environments. It encompasses and enhances traditional access control models, Trust Management (TM) and Digital Rights Management (DRM), and its main novelties are mutability of attributes and continuity of access decision evaluation. (C) 2010 Elsevier Inc. All rights reserved.