ATTRIBUTE ANALYSIS OF USAGE CONTROL (UCON)
Usage control (UCON) is a generation of access control that covers authorizations, obligations and conditions. The core properties of UCON are decision continuity and attribute mutability, both of which depend on the attributes of subjects, objects and the system. We argue that UCON is an attribute-based access control that treats usage as a natural attribute-handling process. To describe this feature, we identify a taxonomy of attributes: mutable or immutable; subject-dependent, object-dependent, or system-dependent; authorization-related, obligation-related, or condition-related; initial or driven. We also provide the Using model with respect to attribute mutability, which is clearly an abstract attribute-based UCON, since it treats usage as a direct attribute-handling process. Consequently, a redefined UCON, based on the Using model, is proposed to highlight the importance of attributes and to offer an abstract description mechanism that can specify access control in the different situations of the sixteen sub-models of the UCONABC model. The most abstract model, the attribute-based decision system, is proposed as a final abstract UCON model, which reflects the main contributions of this paper: (1) UCON is an attribute-based access control; (2) decision factors such as authorizations, obligations and conditions are all attribute-oriented.
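The two core properties named above can be seen in a small sketch, added here as an illustration and not taken from the paper or its Using model. The attribute names, the three predicates and the per-tick credit policy are assumptions: each decision factor is a predicate over subject, object and system attributes, the decision is re-evaluated during usage, and usage itself updates attributes.

```python
# Added illustration; attribute names and policy are assumptions, not the paper's model.
from dataclasses import dataclass

@dataclass
class Session:
    subject: dict  # subject attributes (mutable here: credit, usage_count)
    obj: dict      # object attributes
    system: dict   # system attributes

# Every decision factor is a predicate over attributes only.
FACTORS = {
    "authorization": lambda s, o, e: s["credit"] >= o["price_per_tick"],
    "obligation": lambda s, o, e: s["accepted_license"] == o["license_version"],
    "condition": lambda s, o, e: e["load"] < e["max_load"],
}

def decide(sess):
    """Return the names of the decision factors that currently fail."""
    return [n for n, p in FACTORS.items() if not p(sess.subject, sess.obj, sess.system)]

def use(sess, ticks, system_events=None):
    """Pre-decision, then re-decide before every tick (decision continuity)."""
    system_events = system_events or {}
    failed = decide(sess)
    if failed:
        return ("denied", 0, failed)
    for tick in range(1, ticks + 1):
        sess.system.update(system_events.get(tick, {}))  # system attributes change
        failed = decide(sess)
        if failed:
            return ("revoked", tick - 1, failed)
        sess.subject["credit"] -= sess.obj["price_per_tick"]  # ongoing update
    sess.subject["usage_count"] += 1  # post-usage update
    return ("completed", ticks, [])

def new_session(credit, accepted="v2"):
    """Build a session from constructed sample attributes."""
    return Session(
        subject={"credit": credit, "accepted_license": accepted, "usage_count": 0},
        obj={"price_per_tick": 1, "license_version": "v2"},
        system={"load": 10, "max_load": 80},
    )

if __name__ == "__main__":
    print(use(new_session(3), 5))                      # credit runs out mid-usage
    print(use(new_session(10), 5, {2: {"load": 95}}))  # system attribute changes
    print(use(new_session(10, accepted="v1"), 5))      # obligation unmet up front
```
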