Modern interconnected systems of systems, such as the Internet of Things (IoT), demand the presence of access and usage control mechanisms which will be able to manage the right of access to the corresponding services, and the plethora of information being generated in a daily basis. The Usage Control (UCON) model offers the means for fine-grained dynamic control of access to specific resources, by monitoring and evaluating the attributes defined within a dedicated security policy. However, a number of improvements can be introduced to the standard model regarding the simplification of the policy writing, but also the improvement of run-time efficiency and scalability. In this article, we discuss the limitations of the original UCON, and propose suitable enhancements for their remediation. Specifically, a risk aggregation framework is proposed to be added to the existing architecture, for dynamic role allocation and service grouping management, in order to improve the scalability, and run-time efficiency of the existing model.
Enhancing Usage Control for Performance: A Proposal for Systems of Systems
A Rizos;C Michailidou;F Martinelli;P Mori
2018
Abstract
Modern interconnected systems of systems, such as the Internet of Things (IoT), demand the presence of access and usage control mechanisms which will be able to manage the right of access to the corresponding services, and the plethora of information being generated in a daily basis. The Usage Control (UCON) model offers the means for fine-grained dynamic control of access to specific resources, by monitoring and evaluating the attributes defined within a dedicated security policy. However, a number of improvements can be introduced to the standard model regarding the simplification of the policy writing, but also the improvement of run-time efficiency and scalability. In this article, we discuss the limitations of the original UCON, and propose suitable enhancements for their remediation. Specifically, a risk aggregation framework is proposed to be added to the existing architecture, for dynamic role allocation and service grouping management, in order to improve the scalability, and run-time efficiency of the existing model.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.