The notion of Usage Control (UCON) has been introduced recently to extend traditional access controls by including three decision factors called authorizations, obligations, and conditions. Usage control also recognizes two important decision properties, continuity and mutability. In the access control literature, an authorization decision is commonly made by utilizing some form of subject and object attributes. Identities, security labels and roles are some examples of attributes. Traditionally these attributes are assigned to subjects and objects by a security officer and can be modified only by administrative actions. However, in modern information systems these attributes are often required to change as a side effect of a subject's usage of an object. This requirement for updates has been recognized and defined as the mutability property in usage control. In this paper, we discuss issues of this attribute mutability and show how usage control can apply this mutability property in vario...
Jaehong Park, Xinwen Zhang, Ravi S. Sandhu
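
An added illustration of the mutability and continuity properties described in the abstract, not code from the paper or its authors: a toy reference monitor whose authorization predicate reads subject and object attributes and whose attribute updates happen as side effects of usage. The attribute names (`credit`, `price`, `active_users`, `usage_count`, `revoked`) and the pay-per-tick policy are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Entity:
    name: str
    attrs: dict  # mutable attributes; all names used below are hypothetical

class UsageMonitor:
    def __init__(self):
        self.active = set()  # (subject, object) pairs with usage in progress

    def _authorized(self, s, o):
        # Authorization: a predicate over subject and object attributes.
        return s.attrs["credit"] >= o.attrs["price"]

    def try_access(self, s, o):
        # Decision made before usage starts.
        if not self._authorized(s, o):
            return False
        self.active.add((s.name, o.name))
        o.attrs["active_users"] += 1  # update caused by usage, not by an admin
        return True

    def tick(self, s, o):
        # Continuity: the decision is re-checked while usage is ongoing.
        if (s.name, o.name) not in self.active:
            return False
        if not self._authorized(s, o):
            self.end(s, o, revoked=True)
            return False
        s.attrs["credit"] -= o.attrs["price"]  # mutability during usage
        return True

    def end(self, s, o, revoked=False):
        # Updates applied when usage ends or is revoked.
        if (s.name, o.name) in self.active:
            self.active.discard((s.name, o.name))
            o.attrs["active_users"] -= 1
            s.attrs["usage_count"] += 1
            s.attrs["revoked"] += int(revoked)

def demo():
    # Constructed sample data.
    alice = Entity("alice", {"credit": 5, "usage_count": 0, "revoked": 0})
    doc = Entity("report", {"price": 2, "active_users": 0})
    m = UsageMonitor()
    trace = [m.try_access(alice, doc)] + [m.tick(alice, doc) for _ in range(3)]
    trace.append(m.try_access(alice, doc))  # denied: credit was consumed by usage
    return trace, alice.attrs, doc.attrs
```

The third tick fails because earlier usage lowered `credit` below `price`, so the ongoing access is revoked and a later request is denied without any administrative change to the attributes.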