IIT Home Page CNR Home Page

Time-continuous Authorization of Network Resources based on Usage Control

Authorization systems regulate the access to network resources, e.g., bandwidth-guaranteed circuits traversing nodes and links and shared among different media streams, assuring that
only admitted data streams use the assigned resources. Traditional access control models were not designed to cope with changes that
may occur in the attributes of the user, of the resource or of the environment after the access has been granted. However, in order
to prevent misuse and fraud, it is important to extend the control on these attributes after the authorization decision is taken, i.e, during the actual usage of such resources. This control is
particularly crucial for network resources because an abuse might cause the degradation of QoS performance for lawful admitted media
streams and expose the network to Denial of Service attacks. This paper integrates an authorization system based on the Usage Control model (UCON) in the network service provisioning scenario,
to enhance the evaluation of access rights during the actual usage of network resources. The relevant application scenario and architectural design as well as an example of a security policy
that implements usage control are described. Finally we outline some open issues and research trends in the applicability of usage
control models in networking area.



External authors: Barbara Martini (Laboratorio Nazionale di Reti Fotoniche, Consorzio Nazionale Interuniversitario per le Telecomunicazioni), Piero Castoldi (Scuola Superiore Sant'Anna)
IIT authors:

Maurizio Colombo

Foto di Maurizio Colombo

Type: Bookchapter in book with an international publisher
Field of reference: Information Technology and Communication Systems

Activity: Metodi formali per la sicurezza di sistemi ICT
Sicurezza di dispositivi mobili