ights and external identities, and Onion Policy Administration Model (OPA) [5], a new model for super-distribution which provides complete traceability of the content distribution. The applicability of the (E)DRM models to governmental organizations will also be a direction of future work.

References

[1] P. Bieber and F. Cuppens. A Logical View of Secure Dependencies. Journal of Computer Security, 1(1), IOS press, 1992.
[2] P. Bieber and F. Cuppens. Secure Dependencies with Dynamic Level Assignments. 5th IEEE Computer Security Foundations Workshop, Franconia, 1992.
[3] A. Sabelfeld and D. Sands. Dimensions and Principles of Declassification. In 18th IEEE Workshop on Computer Security Foundations, June 20-22, 2005.
[4] T. Sans, F. Cuppens and N. Cuppens-Boulahia. FORM: A Federated Rights Expression Model for Open DRM Frameworks. ASIAN'06. Tokyo, Japan. December 2006.
[5] T. Sans, F. Cuppens and N. Cuppens-Boulahia. OPA: Onion Policy Administration Model - Another approach to manage rights in DRM. IFIP/SEC. May 2007.

Dynamic access and usage control in pervasive environments

Research Staff: Frédéric Cuppens, Nora Cuppens-Boulahia – Ph.D. Student: Yehia El Rakaiby
Keywords: Usage Control, Dynamic Access Control
Applications: Security of ubiquitous computing and pervasive environment
Partners & Funding: partially funded by Conseil Régional de Bretagne

Introduction

Over the previous several years, the world has witnessed an important evolution in the exchange of digital information due to advances in networks and communication. Network localization and presence services and the increase in the computing capabilities of the different electronic devices made way for highly intelligent context-aware applications. Capturing the security requirements of such applications in a policy-based security framework represents an interesting challenge. One of those new security requirements is usage control.
Usage control refers to the controls over data after it is released to some third party. It is undeniable that usage control in today's digital environment is of utmost importance and is needed in many applications such as DRM applications, P2P, availability requirements, etc. Essentially, usage control defines requirements that must be met before, during or after the use of some resource. Examples of possible usage controls are "the user must keep watching an advertisement window while watching the video" or "Within thirty days after the use of the resource, the user must pay for the use of the service". Among previous works on usage control are [1, 2].

Salient features of future applications are most likely to include context-awareness and interactivity between the different service actors. Therefore it seems reasonable to assume that for a policy-based system to adequately meet those requirements, it must enable the expression of some sort of dynamic contextual security rules such as “from 9AM to 18PM, if any of my family members requests access to my files, I would like to be contacted to authorize the access”. One may justly say that traditional access control systems relying on MAC, DAC or RBAC policies are too rigid for the expression of such security policies. Other more recent policy-based systems whose expressivity is arguably better suited for the expression of such policies are [3, 4, 5].

In this thesis, we have focused our attention on the study of the different security requirements in pervasive environments. In particular, we studied the best means for the expression of usage control and dynamic access control within an integrated single security framework.

56 Pracom’s Annual Report 2008

Realization

We have first analyzed the security requirements of future applications, namely usage and dynamic access control, and studied the current policy-based security frameworks. We aim to develop an intuitive language with formal semantics for the representation of dynamic security requirements and provide an operational formal interpretation of the developed language. From our analysis of the nature of dynamic access control and usage control, the notion of obligations appeared to be fundamental (the same conclusion was reached by previous works on usage control [1, 2]). Therefore, we have worked on the specification of an obligation controller for the interpretation of the dynamic part of our policy. In order to give formal operational semantics to the controller, we have studied the well-established ECA paradigm from active databases and identified how active rules can adequately provide the controller with clear formal operational semantics. Our final goal was to integrate the obligation controller with a context-aware access controller in a single security framework.

Future work

Future work consists of the finalization of our approach in order to have a single policy-based security framework which encompasses traditional access control, dynamic access control and usage control.

References

[1] J. Park and R. Sandhu. The UCON ABC usage control model. ACM Trans. Information Systems Security, 2004.
[2] M. Hilty, A. Pretschner, D. Basin, C. Schaefer and T. Walter. A Policy Language for Distributed Usage Control. ESORICS, 2007.
[3] A. Abou El Kalam, R. El Baida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Miege, C. Saurel and G. Trouessin. Organization based access control. Policy, 2003.
[4] F. Cuppens, N. Cuppens-Boulahia and T. Sans. Nomad: A Security Model with Non Atomic Actions and Deadlines. 18th IEEE CSFW, Aix-en-Provence, France, June 2005.
[5] L. Kagal, T. Finin and A. Joshi. A policy language for a pervasive computing environment. Policy, 2003.
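As an added illustration of the obligation controller and ECA (event-condition-action) rules described under Realization, the following sketch activates and tracks the "pay within thirty days after use" obligation quoted in the Introduction. It is example code written for this text, not the authors' policy language or controller; the class names, event kinds and the event trace are assumptions constructed for the example.

```python
# Added example: minimal ECA obligation controller (all names are hypothetical).
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable

@dataclass
class Obligation:
    subject: str
    action: str              # event kind that discharges the obligation
    deadline: datetime
    state: str = "pending"   # pending -> fulfilled | violated

@dataclass
class Rule:
    event: str                             # E: event kind that triggers the rule
    condition: Callable[[dict], bool]      # C: predicate over the event context
    action: Callable[[dict], Obligation]   # A: obligation to activate

@dataclass
class Controller:
    rules: list
    obligations: list = field(default_factory=list)

    def handle(self, kind: str, ctx: dict) -> None:
        now = ctx["time"]
        for ob in (o for o in self.obligations if o.state == "pending"):
            if now > ob.deadline:
                ob.state = "violated"    # a late event cannot discharge it
            elif ob.action == kind and ob.subject == ctx["subject"]:
                ob.state = "fulfilled"
        for rule in self.rules:
            if rule.event == kind and rule.condition(ctx):
                self.obligations.append(rule.action(ctx))

# "Within thirty days after the use of the resource, the user must pay."
pay_after_use = Rule("use", lambda ctx: ctx["resource"] == "video",
                     lambda ctx: Obligation(ctx["subject"], "pay",
                                            ctx["time"] + timedelta(days=30)))

def run_demo() -> list:
    """Replay a constructed event trace; return each obligation's final state."""
    t0 = datetime(2008, 1, 1, 10, 0)
    ctl = Controller([pay_after_use])
    ctl.handle("use", {"subject": "alice", "resource": "video", "time": t0})
    ctl.handle("use", {"subject": "bob", "resource": "video", "time": t0})
    ctl.handle("pay", {"subject": "alice", "time": t0 + timedelta(days=10)})
    ctl.handle("pay", {"subject": "bob", "time": t0 + timedelta(days=45)})
    return [(ob.subject, ob.state) for ob in ctl.obligations]
```

In this sketch deadlines are evaluated only when an event arrives, so a deployed controller would also need a clock event to detect violations when no further events occur.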