The Fourth International Workshop on Trusted Collaboration

Research Article

A usage control policy specification with Petri nets

  • @INPROCEEDINGS{10.4108/ICST.COLLABORATECOM2009.8394,
        author={Basel Katt and Michael Hafner and Xinwen Zhang},
        title={A usage control policy specification with Petri nets},
        proceedings={The Fourth International Workshop on Trusted Collaboration},
        publisher={IEEE},
        proceedings_a={TRUSTCOL},
        year={2009},
        month={12},
        keywords={Access control, Authorization, Concurrent computing, Control systems, Environmental management, Functional programming, Information security, Information systems, Petri nets, Power system modeling},
        doi={10.4108/ICST.COLLABORATECOM2009.8394}
    }
    
  • Basel Katt
    Michael Hafner
    Xinwen Zhang
    Year: 2009
    A usage control policy specification with Petri nets
    TRUSTCOL
    ICST
    DOI: 10.4108/ICST.COLLABORATECOM2009.8394
Basel Katt1,*, Michael Hafner1,*, Xinwen Zhang2,*
  • 1: University of Innsbruck, Innsbruck, Austria
  • 2: Samsung Information Systems, America, San Jose, CA, USA
*Contact email: basel.katt@uibk.ac.at, m.hafner@uibk.ac.at, xinwen.z@samsung.com

Abstract

In this paper we propose a novel usage control policy specification based on the Coloured Petri Nets formalism. Recently, usage control has been proposed in order to overcome the shortcomings of traditional access control, which fails to meet the new security requirements of today's highly dynamic and distributed systems. These new environments require, for example, (i) a continuity of control, (ii) fulfillment checks of obligatory tasks, during or after the usage end, (iii) an integration between functional behavior and security policy, and (iv) the management and control of concurrent and parallel usages by different subjects. Taking all these requirements into consideration, our usage control policy includes three main rule types: behavioral, security and concurrency rules. Security rules can be further classified either into instant, ongoing, and post rules or into authorization and obligation rules. Instant rules must be checked before the execution of an action is granted, ongoing rules are checked during the execution of an action, and finally post rules are checked after the execution is finished. Therefore, post rules are only of type obligation. Coloured Petri nets are used because of their powerful modeling capabilities for distributed and concurrent systems and their efficiency for the specification of systems through their built-in support for the ML functional programming language.