Logical Model and Specification of Usage Control

The recent usage control model (UCON) is a foundation for next generation access control models with distinguishing properties of decision continuity and attribute mutability. A usage control decision is determined by combining authorizations, obligations, and conditions, presented as UCONABC core models by Park and Sandhu. Based on these core aspects, we develop a firstorder logic specification of UCON with an extension of Lamport’s temporal logic of actions (TLA). The building blocks of this model include: (1) a sequence of states expressed by the attributes of the subjects, the objects, and the system, (2) authorization predicates on subject and object attributes, (3) usage control actions to update attributes and accessing status of a usage process, (4) obligation actions, and (5) condition predicates on system attributes. Usage control policies are defined as a set of temporal logic formulas that are satisfied as system state changes. We show the flexibility and expressive capability of this logic model by specifying the core models of UCON and some applications. We also show how model checking based on computational tree logic can verify security policies in a UCON system specified in this manner.