
Usage Control-Based Graph Model

Posted on: 2007-09-17
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Wu
Full Text: PDF
GTID: 2178360185958614
Subject: Computer software and theory
Abstract/Summary:
Information technology innovation and society are becoming ever more tightly integrated, and this raises many questions about security and privacy. Access control (AC) is one of the methods for addressing these questions and is considered the main method for secure communication. Traditional access control (TAC) focuses on data protection in a closed system. New requirements are placed on access control, especially in electronic commerce applications. In modern information systems, ordinary usage of a digital object, such as a read or a write, has no relation to time, but pay-per-use online reading does: the payment amount is determined by how long the reading lasts. There are many solutions to this kind of problem, and usage control is one of them.

Usage Control (UCON) encompasses traditional access control, trust management, and digital trust management and goes beyond their definitions and scopes. The recently presented usage control has been regarded as the next-generation access control model; it includes oBligation, Condition, Authorization, Continuity, and Mutability. Traditional access control is concerned only with closed systems and uses authorization alone to decide whether a subject may access the target object resources. UCON instead integrates Authorization (A), oBligation (B), and Condition (C) for decision-making, which is developed as the core usage control model UCONabc, the core part of UCON decision-making. Authorizations decide whether access is allowed based on subject and object attributes and rights. Obligations are actions that must be performed before or during an access process; access is permitted when the subject satisfies the obligations. Conditions are environment restrictions that must hold before or during an access; access is permitted when the environment or system restrictions are satisfied. In traditional access control the decision is made at the time of the request; however, when an access lasts a long time or must be revoked immediately, the continuity of decision-making has to be considered. In addition, mutability is the change of subject, object, and system attributes that results from the access.

The innovations of this work are as follows:

1. I study the traditional access control models thoroughly. For discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC), I summarize their respective advantages and disadvantages on the basis of this research.
2. I study the usage control model (UCON) and summarize its advantages and disadvantages. In particular, I thoroughly study the temporal logic model based on usage control.
3. Based on studies of other models, this dissertation proposes some basic temporal logic rules that are expressed as graphs.
4. Based on these graph-expressed temporal logic rules, this dissertation proposes the Usage Control-Based Graph Model (UCBGM). Each kind of policy is described for the authorization model, the obligation model and the condition model in usage control, and the dissertation gives a detailed algorithm for each model.
5. Finally, the dissertation uses the UCBGM model to simulate MAC in order to solve the security problem in the electronic military setting.
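The pay-by-time online reading case described in the abstract, as an added example that is not taken from the thesis and is not its graph model: a pre-decision over authorization, obligation and condition, an ongoing decision re-evaluated every minute (continuity), and a credit attribute updated by the usage itself (mutability). All class names, attributes and values are constructed assumptions.

```python
# Added illustration of UCON_ABC decisions; all names and values are constructed.
from dataclasses import dataclass

@dataclass
class Subject:
    credit: int                   # mutable attribute: changes as a result of usage
    accepted_terms: bool = False  # obligation the subject must perform first

@dataclass
class DigitalObject:
    price_per_minute: int

@dataclass
class Session:
    subject: Subject
    obj: DigitalObject
    state: str = "initial"        # initial -> accessing -> revoked, or denied

def authorization(s, o):          # A: predicate over subject/object attributes
    return s.credit >= o.price_per_minute

def obligation(s):                # B: the required action has been performed
    return s.accepted_terms

def condition(env):               # C: environment/system restriction
    return env.get("service_open", False)

def request(sess, env):
    """Pre-decision at request time: A, B and C must all hold."""
    ok = (authorization(sess.subject, sess.obj)
          and obligation(sess.subject) and condition(env))
    sess.state = "accessing" if ok else "denied"
    return sess.state

def tick(sess, env):
    """Ongoing decision, re-evaluated for every minute of reading (continuity)."""
    if sess.state != "accessing":
        return sess.state
    if authorization(sess.subject, sess.obj) and condition(env):
        sess.subject.credit -= sess.obj.price_per_minute  # attribute update (mutability)
    else:
        sess.state = "revoked"                            # access withdrawn mid-usage
    return sess.state

def simulate(credit, price, minutes, accepted_terms=True):
    """Return the session state after the request and after each minute."""
    env = {"service_open": True}
    sess = Session(Subject(credit, accepted_terms), DigitalObject(price))
    return [request(sess, env)] + [tick(sess, env) for _ in range(minutes)]

if __name__ == "__main__":
    print(simulate(credit=3, price=1, minutes=5))
```

A request-time-only check would leave the fourth and fifth minutes in this run readable without payment; the per-minute re-evaluation is what turns an exhausted credit into a revocation.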
Keywords/Search Tags: Usage Control, Graph Rule, State, Action