
Time-continuous Authorization of Network Resources based on Usage Control

P Mori; F Martinelli; A Lazouski
2011

Abstract

Authorization systems regulate access to network resources, e.g., bandwidth-guaranteed circuits traversing nodes and links and shared among different media streams, assuring that only admitted data streams use the assigned resources. Traditional access control models were not designed to cope with changes that may occur in the attributes of the user, of the resource or of the environment after access has been granted. However, in order to prevent misuse and fraud, it is important to extend the control on these attributes after the authorization decision is taken, i.e., during the actual usage of such resources. This control is particularly crucial for network resources because an abuse might degrade QoS performance for lawfully admitted media streams and expose the network to Denial of Service attacks. This paper integrates an authorization system based on the Usage Control model (UCON) in the network service provisioning scenario, to enhance the evaluation of access rights during the actual usage of network resources. The relevant application scenario and architectural design, as well as an example of a security policy that implements usage control, are described. Finally, we outline some open issues and research trends in the applicability of usage control models in the networking area.
Istituto di informatica e telematica - IIT
978-88-470-1817-4
Network access models Access control QoS

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/311445