Modern decentralized and distributed environments, as typical from IoT or Industry 4.0 architectures, require a more advanced and granular security management than the currently available standard access control methodologies. Obligations, as defined by the Usage Control model, have been introduced to enhance the traditional access control security mechanisms by imposing the execution of policy-determined actions. This paper presents an extension of the architecture of the Usage Control system already existing in literature, which aims at formalizing the management of Obligations. Three additional components, naturally integrated within the Usage Control system, verify and/or ensure the correct enforcement of obligations also allowing their effect to be evaluated in the continuous access decision making process. The proposed extension thus allows to verify complex conditions when evaluating obligation- specific attributes extracted from the domain where obligations are enforced or observed.
Obligation Management in Usage Control Systems
Martinelli F;Mori P;Saracino A;
2019
Abstract
Modern decentralized and distributed environments, as typical from IoT or Industry 4.0 architectures, require a more advanced and granular security management than the currently available standard access control methodologies. Obligations, as defined by the Usage Control model, have been introduced to enhance the traditional access control security mechanisms by imposing the execution of policy-determined actions. This paper presents an extension of the architecture of the Usage Control system already existing in literature, which aims at formalizing the management of Obligations. Three additional components, naturally integrated within the Usage Control system, verify and/or ensure the correct enforcement of obligations also allowing their effect to be evaluated in the continuous access decision making process. The proposed extension thus allows to verify complex conditions when evaluating obligation- specific attributes extracted from the domain where obligations are enforced or observed.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
