Abstract. Modern information systems require temporal and privilegeconsuming usage of digital objects. To meet these requirements, we present a new access control model–Times-based Usage Control (TUCON). TUCON extends traditional and temporal access control models with times-based usage control by defining the maximum times that a privilege can be exercised. When the usage times of a privilege is consumed to zero or the time interval of the usage is expired, the privilege exercised on the object is automatically revoked by the system. Formal definitions of TUCON actions and rules are presented in this paper, and the implementation of TUCON is discussed.
Baoxian Zhao, Ravi S. Sandhu, Xinwen Zhang, Xiaoli