UCON MODEL
51000448 - Huỳnh Châu Duy
OUTLINE
UCON MODEL
- What?
- What for?
- When?
- Why?
CORE MODELS
- 16 basic models
- Example
COMPARISON
- Traditional access control
- DRM
CONCLUSION
UCON MODEL
WHAT?
WHEN?
WHAT FOR?
WHY?
TRADITIONAL ACCESS CONTROL
- Mandatory Access Control (MAC)
- Discretionary Access Control (DAC)
- Role Based Access Control (RBAC)
- Focuses on a closed system environment
- Not adequate for today’s distributed, network-connected digital environment.
- Authorization only
- Decision is made before access
- No consumable rights
- Rights are pre-defined and granted to subjects
DIGITAL RIGHTS MANAGEMENT (DRM)
- Controlling and tracking access to and use of digital information objects at client-side.
- Mainly focuses on intellectual property rights protection.
- Lacks an access control model.
PROBLEM
UCON MODEL
UCONABC MODEL COMPONENTS
- Subjects
  - Attributes
  - Consumer Subjects
  - Provider Subjects
  - Identifiee Subjects
- Objects
  - Attributes
- Rights
WHAT IS UCONABC MODEL?
OBLIGATIONS
AUTHORIZATIONS
CONDITIONS
AUTHORIZATIONS
- Functional predicates that have to be evaluated for usage decision.
- Return whether the subject (requester) is allowed to perform the requested rights on the object.
- Authorizations can be either pre-authorizations (preA) or ongoing-authorizations (onA).
OBLIGATIONS
- Functional predicates that verify mandatory requirements a subject has to perform before or during a usage exercise.
- Obligations can be either pre-obligations (preB) or ongoing-obligations (onB).
CONDITIONS
- Environmental or system-oriented decision factors.
- Unlike authorizations or obligations, condition variables cannot be mutable.
- Evaluation of conditions cannot update any subject or object attributes.
CORE MODEL
The 16 basic UCONABC models

        0 immutable   1 pre_update   2 ongoing_update   3 post_update
preA    Y             Y              N                  Y
onA     Y             Y              Y                  Y
preB    Y             Y              N                  Y
onB     Y             Y              Y                  Y
preC    Y             N              N                  N
onC     Y             N              N                  N
CORE MODEL: AUTHORIZATIONS
- preA
- onA
CORE MODEL: preA
- preA0
- preA1
- preA3
Example:
- Pay-per-view (preUpdate)
- Metered payment (postUpdate)
CORE MODEL: onA
- onA0
- onA1
- onA2
- onA3
Example: Pay-per-Minutes
CORE MODEL: OBLIGATIONS
- preB
- onB
CORE MODEL: preB
- preB0
- preB1
- preB3
Example: Free Internet Service
CORE MODEL: onB
- onB0
- onB1
- onB2
- onB3
CORE MODEL: CONDITIONS
- preC
- onC
CORE MODEL
Example:
Healthcare Education Long-distance phone Pre-paid phone card Click Ad within every 30 minutes Business Hour
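The pay-per-view (preA with pre-update) and pay-per-minute (onA with ongoing update) examples from the core-model slides, written out as an added Python example that is not part of the original deck. The class and function names, the credit attribute, and the 09:00-17:00 business-hours window used as a pre-condition are assumptions made for illustration.

```python
# Added example (not from the original slides): UCON_ABC usage decisions.
# All names, prices and the business-hours window are hypothetical.
from dataclasses import dataclass


@dataclass
class Subject:
    name: str
    credit: float  # mutable subject attribute


@dataclass
class Obj:
    title: str
    price: float  # cost per view (preA1) or per minute (onA)


def pre_c_business_hours(hour: int) -> bool:
    """preC: environmental condition. Reads system state only and never
    updates subject or object attributes (conditions are immutable)."""
    return 9 <= hour < 17


def pay_per_view(s: Subject, o: Obj, hour: int) -> bool:
    """preA1: the decision is made before access, then the subject's
    credit is updated (pre_update) before the right is exercised."""
    if not pre_c_business_hours(hour):
        return False  # condition fails: deny, nothing is mutated
    if s.credit < o.price:  # preA predicate over subject/object attributes
        return False
    s.credit -= o.price  # pre_update of the mutable attribute
    return True


def pay_per_minute(s: Subject, o: Obj, requested_minutes: int) -> int:
    """onA with ongoing update: the predicate is re-evaluated for every
    minute of usage and access is revoked as soon as it fails.
    Returns the number of minutes actually granted."""
    used = 0
    while used < requested_minutes:
        if s.credit < o.price:  # onA predicate checked during usage
            break  # revoke access mid-session
        s.credit -= o.price  # ongoing_update of the mutable attribute
        used += 1
    return used
```

Unlike a traditional access-control check, a second identical request can be denied because the first one consumed the attribute the decision depends on.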
COMPARISON
Traditional Access Control
- RBAC
- MAC
- DAC
UCON MODEL
- Authorizations
- Obligations
- Conditions
COMPARISON
DRM
- pay-per-use
- multiple credits
UCON MODEL
- Authorizations
- Obligations
- Conditions
CONCLUSION
UCONABC leaves open the architecture and mechanisms for providing trusted attributes.