Implementation of the UCON engine
October 25th, 2010 By KashifAhmad

Access control has been a focus of research in computer and information security for several decades. It is concerned with authentication and authorization: an access control system intercepts every attempt by a subject to access a resource and determines which tasks and activities a legitimate, authenticated subject may perform, thereby protecting system resources from inappropriate or undesired use. Many models have been developed and they have evolved considerably since their inception. Researchers have observed that the widely used traditional models, DAC, MAC and RBAC, no longer meet the requirements of modern computing environments.

UCON is a generalized framework for controlling access to objects. Its scope is much wider than that of the traditional models, and it represents a paradigm shift in the way access control models and systems are viewed. Traditional models are mostly concerned with static authorization rules that consult predefined permissions assigned to users in order to reach an access decision. Much research has gone into extending these models so that they support a more diverse set of policies, but most of the proposed extensions are application specific and focus on whichever system the authors of the extension had in mind. The limitations of traditional access control became obvious as computing environments grew more distributed: the traditional models were designed with closed systems in mind, where the identities of the subjects were known beforehand.

In distributed systems, identities and the authorization of a principal to access a particular resource are far more complex. The set of subjects who may request a resource is large and, in most cases, is not known before the request arrives, as is commonly the case for services deployed on the Internet. Trust management systems were proposed to solve this problem and to let a system determine the authorizations of a subject that was unknown to it before the access request.

Access Control

Controlling access to resources and services within a system is fundamental to its security. Access control protects the data and resources within a system from unauthorized access and enables the authorized users to access resources of the system. Following are some fundamental concepts that are related to access control systems:

Object: An entity that contains or receives information. Files stored on the file system, directories, records stored in a database, peripheral devices of a computer system, memory blocks and network sockets are all examples of objects. Objects are mostly passive resources that are accessed by users, processes and applications.

Subject: An active entity, such as a user or a process, that accesses the information contained within an object.

Permission: The authorization to perform some action on an object in a system. Note that the same action, such as read or write, on two different objects constitutes two different permissions.

Access control policy: An access control policy, also referred to as the security policy, defines the high-level rules that regulate access to resources and determines who is allowed to access which objects of the system, and under what circumstances.

Access Control Model: An access control model formally defines how the policy works and describes the security properties of the system the model represents. Models use a formal specification to bridge the gap in abstraction between policy and mechanism, and they help establish the theoretical limits of the system. Discretionary access control, mandatory access control and role based access control are well-known examples of access control models.

Access Control Mechanism: An access control mechanism is the set of hardware and software components that enforce the access control policy within a system according to the specification of an access control model. It is argued that if the mechanism correctly implements the model and the security of the model has been proven, then the system is secure.

The access control mechanism works as a reference monitor: a trusted, tamper-proof, non-bypassable component that mediates every access request in a system.

Access Control Models:

  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role Based Access Control (RBAC)

Discretionary Access Control:

Discretionary access control uses the identity of the user and a set of authorization rules to determine the privileges a user has within a system. DAC leaves part of the access control decision to the discretion of the object's owner, who decides which users have what kind of access to the owner's objects; for a file, it is the owner of the file who controls access to it by other users. The discretionary model is most commonly represented as an access control matrix (ACM): a table with one row per subject and one column per object, where each cell holds the rights that the subject has on the object. DAC policies tend to be simple and very flexible and are widely used in a variety of computer systems. One of the major weaknesses of DAC is that a program runs with the identity and rights of the user who invokes it, so a malicious program disguised as a benign one (a Trojan horse) that is run by an unsuspecting user can read that user's objects and copy their contents somewhere the attacker is permitted to read. Since every step stays within the invoking user's own rights, the reference monitor has no basis on which to refuse it.

Mandatory Access Control

Mandatory access control enforces a security policy that reflects the security requirements of an organization. The owner of an object has no say in its permissions; instead a central authority specifies a security policy that is enforced on every object in the system. Different kinds of policies may be devised depending on the objectives the policy writer wants to achieve. The major strength of MAC is its ability to control the flow of information between objects in a system: a labeling mechanism assigns labels to subjects and objects, and the policy determines which information flows are permitted between entities carrying particular labels (under Bell-LaPadula, for example, a subject may neither read an object labeled above its own clearance nor write to one labeled below it). Well-known MAC policies include Bell-LaPadula, Biba, Clark-Wilson and the Chinese Wall policy.
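The Trojan-horse weakness described under DAC and the label-based flow control described under MAC, side by side, as an added example that is not code from the original post. It builds a small access control matrix in which the attacker has made a drop file writable by the victim, runs a simulated Trojan with the victim's identity, and then repeats the same steps under a Bell-LaPadula style check over constructed (level, categories) labels. All subjects, objects, rights and labels are constructed for illustration.

```python
# Added example, not code from the original post: a discretionary access
# control matrix with the Trojan-horse weakness described under DAC, beside a
# Bell-LaPadula style label check of the kind described under MAC that blocks
# the same information flow. All subjects, objects, rights and labels below
# are constructed for illustration.

# ---- DAC: access control matrix, rows = subjects, columns = objects -------
# alice owns secret.txt; mallory owns drop.txt and, at her own discretion as
# owner, has granted alice write access to it.
ACM = {
    ("alice", "secret.txt"): {"read", "write"},
    ("alice", "drop.txt"): {"write"},
    ("mallory", "drop.txt"): {"read", "write"},
}


def dac_allowed(subject, obj, right):
    """Reference-monitor check: look up the (subject, object) cell."""
    return right in ACM.get((subject, obj), set())


# ---- MAC: labels (level, categories) forming a lattice ---------------------
LEVELS = {"public": 0, "secret": 1}

LABELS = {  # constructed labels for the same subjects and objects
    "alice": ("secret", frozenset({"hr"})),
    "mallory": ("public", frozenset()),
    "secret.txt": ("secret", frozenset({"hr"})),
    "drop.txt": ("public", frozenset()),
}


def dominates(a, b):
    """Label a dominates b when its level is at least b's level and its
    category set contains b's categories."""
    return LEVELS[a[0]] >= LEVELS[b[0]] and a[1] >= b[1]


def mac_allowed(subject, obj, right):
    """Bell-LaPadula rules: no read up (simple security property) and no
    write down (*-property). Ownership plays no part in the decision."""
    s, o = LABELS[subject], LABELS[obj]
    if right == "read":
        return dominates(s, o)
    if right == "write":
        return dominates(o, s)
    return False


def run_trojan(check, invoking_user="alice"):
    """Simulate a program that looks useful but copies the invoking user's
    secret file into a drop file the attacker can read. The program runs
    with the invoking user's identity, as programs do under DAC.
    Returns True if mallory ends up able to read the secret."""
    files = {"secret.txt": "salary data", "drop.txt": ""}  # constructed
    if not check(invoking_user, "secret.txt", "read"):
        return False
    stolen = files["secret.txt"]
    if not check(invoking_user, "drop.txt", "write"):
        return False  # the monitor refuses the downgrade
    files["drop.txt"] = stolen
    return check("mallory", "drop.txt", "read") and files["drop.txt"] == stolen


if __name__ == "__main__":
    print("DAC: exfiltration succeeds ->", run_trojan(dac_allowed))
    print("MAC: exfiltration succeeds ->", run_trojan(mac_allowed))
    # BLP still permits a 'blind' write up: mallory may write into secret.txt.
    print("MAC: mallory write up ->", mac_allowed("mallory", "secret.txt", "write"))
```

Under the matrix every step of the Trojan is within alice's own rights, so `dac_allowed` approves each one and the copy succeeds. Under the labels the write from a `secret` subject into a `public` object is a write down, which the *-property forbids regardless of who owns `drop.txt`. The last line shows the well-known caveat of Bell-LaPadula: it says nothing about integrity, so a `public` subject may still write up into a `secret` object.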

Role Based Access Control

Role based access control greatly simplifies the specification and management of authorization rules by grouping the users of a system into roles based on their duties and authorizations within the organization. Roles are an effective means of controlling access according to the security policy of an organization and significantly streamline the administration of the permissions assigned to users. Permissions are assigned to roles, members of a role inherit the permissions assigned to it, and the access decision is based on the roles of the user rather than on the user's identity. A user is granted membership only in those roles that most closely match his or her responsibilities and duties within the organization. Users can easily be added to or removed from a role as their job functions and responsibilities change, and the permissions associated with a role can be changed just as conveniently as the organizational structure changes. When the privileges of a role are changed, the change is automatically propagated to all of its members, which eliminates the need to configure the permissions of each user individually.
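A small RBAC engine, as an added example that is not code from the original post. It keeps the user-role and permission-role assignments the paragraph describes, adds a role hierarchy so that a senior role inherits a junior role's permissions, and shows that granting one new permission to a role reaches every member without touching any user. The roles, users and permissions are constructed for illustration.

```python
# Added example, not code from the original post: a small RBAC engine with a
# role hierarchy. Roles, users and permissions below are constructed.


class RBAC:
    def __init__(self):
        self.user_roles = {}   # user -> roles directly assigned (UA)
        self.role_perms = {}   # role -> {(action, object)} (PA)
        self.juniors = {}      # senior role -> roles it inherits from (RH)

    def assign_user(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def grant(self, role, action, obj):
        self.role_perms.setdefault(role, set()).add((action, obj))

    def inherit(self, senior, junior):
        """senior acquires all permissions of junior."""
        self.juniors.setdefault(senior, set()).add(junior)

    def effective_roles(self, user):
        """Directly assigned roles plus every junior role reachable through
        the hierarchy (transitive closure; safe against cycles)."""
        seen, stack = set(), list(self.user_roles.get(user, ()))
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors.get(role, ()))
        return seen

    def permissions(self, user):
        return set().union(*(self.role_perms.get(r, set())
                             for r in self.effective_roles(user)))

    def check(self, user, action, obj):
        """The decision depends on the user's roles, not on identity."""
        return (action, obj) in self.permissions(user)


def demo():
    """Constructed organisation: managers inherit the employee role.
    Returns the engine and the decisions before/after a role change."""
    ac = RBAC()
    ac.grant("employee", "read", "handbook")
    ac.grant("manager", "approve", "expense")
    ac.inherit("manager", "employee")
    ac.assign_user("carol", "employee")
    ac.assign_user("bob", "manager")
    before = (ac.check("bob", "read", "handbook"),
              ac.check("carol", "approve", "expense"))
    # One change to the role; every member and every senior role sees it.
    ac.grant("employee", "read", "newsletter")
    after = (ac.check("bob", "read", "newsletter"),
             ac.check("carol", "read", "newsletter"))
    return ac, before, after


if __name__ == "__main__":
    _, before, after = demo()
    print("bob reads handbook, carol approves expense:", before)
    print("bob and carol read newsletter after one grant:", after)
```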


Some of the traditional access control models use an access control matrix or a similar structure to keep track of the permissions users have on objects, while others rely on a policy and a centralized or distributed reference monitor that mediates each access request and decides, according to the access control and security policy of the system, whether the subject holds the permission it needs. In all of them, once it has been established that the subject may access the object no further checks are applied: the subject can use the object for as long as it likes, and there is no notion of revoking an access that is already in progress. Recent developments in information technology require access control models to check access to an object continuously, because the permission to access it may change with the passage of time. Revocation must be accommodated wherever access is limited by temporal, spatial or other constraints, such as payment- or subscription-based access to digital resources: a subject's entitlement to an object may shrink or expire during use, at which point its access has to be revoked.

UCON extends the traditional access control models with new features in order to meet the challenges of modern, open and dynamic computing environments. In UCON the authorization to access an object is based on predicates over subject and object attributes that define the requirements and conditions under which a subject may access the object. These attributes may change as a consequence of usage, and when they do the state of the system changes with them. The two aspects that distinguish UCON from the prevailing access control models are continuity of the access decision and attribute mutability.
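The pay-per-use situation described above, simulated as a minimal UCON-style usage session, as an added example that is not the post's own engine code. A subject attribute (credit) and an object attribute (rate) drive the authorization predicate; the predicate is checked once before usage and then again on every tick while usage lasts, and each tick mutates the credit attribute, so access is revoked the moment the subject can no longer pay. A decide-once check is included for contrast. The attribute names, the policy and the tick loop are assumptions made for illustration.

```python
# Added example, not the post's own engine code: a minimal simulation of a
# UCON usage session showing continuity of the access decision and attribute
# mutability. The attributes (credit, rate), the pay-per-use policy and the
# tick loop are assumptions made for illustration.

from dataclasses import dataclass
from typing import Callable


@dataclass
class Entity:
    """Subject or object: a name plus mutable attributes."""
    name: str
    attrs: dict


@dataclass
class UsagePolicy:
    pre_auth: Callable[[Entity, Entity], bool]   # checked once before usage
    on_auth: Callable[[Entity, Entity], bool]    # re-checked while usage lasts
    on_update: Callable[[Entity, Entity], None]  # mutates attributes per tick


def pay_per_use() -> UsagePolicy:
    """Predicates over subject and object attributes: the subject must hold
    at least one tick's worth of credit, and each tick of usage consumes it."""
    def enough(s, o):
        return s.attrs["credit"] >= o.attrs["rate"]

    def consume(s, o):
        s.attrs["credit"] -= o.attrs["rate"]

    return UsagePolicy(pre_auth=enough, on_auth=enough, on_update=consume)


def run_usage(subject, obj, policy, max_ticks):
    """UCON-style session: the decision is re-evaluated on every tick and
    access is revoked as soon as the ongoing predicate fails.
    Returns (outcome, ticks_granted, log)."""
    log = []
    if not policy.pre_auth(subject, obj):
        log.append("preA denied")
        return "denied", 0, log
    log.append("preA permitted, usage starts")
    ticks = 0
    while ticks < max_ticks:
        if not policy.on_auth(subject, obj):          # continuity of decision
            log.append(f"onA failed after {ticks} ticks: access revoked")
            return "revoked", ticks, log
        policy.on_update(subject, obj)                 # attribute mutability
        ticks += 1
        log.append(f"tick {ticks}: {subject.attrs}")
    log.append("usage ended normally")
    return "ended", ticks, log


def run_traditional(subject, obj, policy, max_ticks):
    """Decide-once model for contrast: the check is made at request time and
    never again, so usage continues even after the credit is exhausted."""
    if not policy.pre_auth(subject, obj):
        return "denied", 0
    for _ in range(max_ticks):
        policy.on_update(subject, obj)
    return "ended", max_ticks


if __name__ == "__main__":
    alice = Entity("alice", {"credit": 5})   # constructed sample subject
    movie = Entity("movie", {"rate": 2})     # constructed sample object
    outcome, ticks, log = run_usage(alice, movie, pay_per_use(), max_ticks=10)
    print("\n".join(log))
    print("UCON:", outcome, ticks, alice.attrs)
    bob = Entity("bob", {"credit": 5})
    print("decide-once:", run_traditional(bob, movie, pay_per_use(), 10), bob.attrs)
```

With 5 units of credit and a rate of 2 per tick, the UCON session is permitted, consumes credit for two ticks, and is revoked on the third evaluation when 1 unit remains; the decide-once variant grants all ten ticks and leaves the credit at -15, which is exactly the revocation gap the paragraph describes. A real engine would evaluate the ongoing predicate on a clock or on attribute-change events rather than in a tight loop, and would also carry obligations and environmental conditions alongside the authorization predicate.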
