WiP: Metamodel for Continuous Authorisation and Usage Control / Hariri, Ali; Ibrahim, Amjad; Dimitrakos, Theo; Crispo, Bruno. - (2022), pp. 43-48. (Paper presented at the ACM SACMAT conference, held online, 8-10 June 2022) [10.1145/3532105.3535039].

WiP: Metamodel for Continuous Authorisation and Usage Control

Hariri, Ali (first author); Crispo, Bruno
2022-01-01

Abstract

Access control has traditionally been used to protect data and privacy. Traditional access control models (e.g., ABAC, RBAC) cannot meet modern security requirements as technologies spread over heterogeneous and dynamic environments that need continuous monitoring. Modern models such as Usage Control (UCON) introduced the concept of continuous authorisation, which has a lifecycle consisting of a series of phases through which the authorisation passes during its lifetime. However, such models assume a fixed lifecycle for all authorisations, so they cannot satisfy emerging technologies (e.g., smart vehicles, zero-trust, data flow), which require varied and fine-grained lifecycles. Researchers have extended existing models to meet such requirements, but all solutions remain restrictive, as they are specially tailored to specific use-cases. In this paper, we propose an extensible model for continuous authorisations and usage control. The model enables its users to customise and dynamically configure the authorisation lifecycle as required by the use-case. This adds a layer of abstraction, forming a metamodel that can be instantiated into different flavours of continuous authorisation models, each addressing specific requirements. We also show that the authorisation lifecycle can be modelled as a Deterministic Finite Automaton (DFA) and expressed in a structured language used by an evaluation engine to dynamically enact and manage the lifecycle. We lay out the building blocks of the proposed metamodel and devise future research directions.
Year: 2022
Place: New York
Publisher: Association for Computing Machinery (ACM)
ISBN: 9781450393577
Authors: Hariri, Ali; Ibrahim, Amjad; Dimitrakos, Theo; Crispo, Bruno
Files in this record:
File: wip-metamodel.pdf (archive administrators only)
Type: Publisher's version (Publisher's layout)
Licence: All rights reserved
Size: 1.94 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/364251
Citations
  • Scopus 2