UCON

Modern security architectures rely on sophisticated usage control mechanisms that control access and usage of resources. It is a major challenge to ensure that these usage control mechanisms behave as intended. This project develops methods for the formalization, verification, and analysis of a continuous usage control system.

Project description

The project develops analysis and verification methods for modern continuous usage control systems deployed in cloud, edge, and IoT environments. To make the analysis of usage control possible, we develop a formal specification of the intendent system behavior and use it to develop methods for verification and analysis.

There are three main goals:

Formalization: Define a clear and rigorous specification for policies and continuous usage control.
Verification: Develop a monitoring approach for verifying that usage control systems correctly implement the specification.
Analysis: Support the correct use of usage control systems with automated policy analysis methods that may be used to assist writing and maintaining policies.

Research contribution

The formal specification of usage control provides the basis that makes automated analysis and verification possible. The project extends the scope of the formal semantics of access control systems, particularly by capturing models of continuous usage control. It applies the results to develop a monitoring method for verifying that usage control policies are enforced correctly. It develops new automated methods for analyzing properties of policies statically before they are deployed.

Funding

Huawei Technologies Düsseldorf GmbH

Project duration

01.11.2021 – 31.05.2023

Your contact

Dr. Fathiyeh Faghih

+49 89 3603522 261
faghih@fortiss.org

Project partner

Publications

2024 Static and Dynamic Analysis of a Usage Control System Ulrich Schöpp , Fathiyeh Faghih , Subhajit Bandopadhyay , Hussein Joumaa , Amjad Ibrahim , Chuangjie Xu , Xin Ye and Theo Dimitrakos In SACMAT 2024: Proceedings of the 29th ACM Symposium on Access Control Models and Technologies, 2024. Details DOI BIB
2023 Specifying a Usage Control System Ulrich Schöpp , Chuangjie Xu , Amjad Ibrahim , Fathiyeh Faghih and Theo Dimitrakos In Proceedings of the 28th ACM Symposium on Access Control Models and Technologies (SACMAT ’23), pages 8, New York, NY, USA, 2023. ACM. Details DOI BIB

Name	Purpose	Lifetime	Type	Provider
_pk_id	Used to store a few details about the user such as the unique visitor ID.	13 months	HTML	Matomo
_pk_ref	Used to store the attribution information, the referrer initially used to visit the website.	6 months	HTML	Matomo
_pk_ses	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_cvar	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_hsr	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo