{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T15:40:37Z","timestamp":1779118837262,"version":"3.51.4"},"reference-count":38,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2008,2,1]],"date-time":"2008-02-01T00:00:00Z","timestamp":1201824000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2008,2]]},"abstract":"<jats:p>Collaborative systems such as Grids provide efficient and scalable access to distributed computing capabilities and enable seamless resource sharing between users and platforms. This heterogeneous distribution of resources and the various modes of collaborations that exist between users, virtual organizations, and resource providers require scalable, flexible, and fine-grained access control to protect both individual and shared computing resources. In this article we propose a usage control (UCON) based security framework for collaborative applications, by following a layered approach with policy, enforcement, and implementation models, called the PEI framework. In the policy model layer, UCON policies are specified with predicates on subject and object attributes, along with system attributes as conditional constraints and user actions as obligations. General attributes include not only persistent attributes such as role and group memberships but also mutable usage attributes of subjects and objects. Conditions in UCON can be used to support context-based authorizations in ad hoc collaborations. In the enforcement model layer, our novel framework uses a hybrid approach for subject attribute acquisition with both push and pull modes. By leveraging attribute propagations between a centralized attribute repository and distributed policy decision points, our architecture supports decision continuity and attribute mutability of the UCON policy model, as well as obligation evaluations during policy enforcement. As a proof-of-concept, we implement a prototype system based on our proposed architecture and conduct experimental studies to demonstrate the feasibility and performance of our approach.<\/jats:p>","DOI":"10.1145\/1330295.1330298","type":"journal-article","created":{"date-parts":[[2008,2,8]],"date-time":"2008-02-08T15:32:16Z","timestamp":1202484736000},"page":"1-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":77,"title":["Toward a Usage-Based Security Framework for Collaborative Computing Systems"],"prefix":"10.1145","volume":"11","author":[{"given":"Xinwen","family":"Zhang","sequence":"first","affiliation":[{"name":"Samsung Information Systems America"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Masayuki","family":"Nakae","sequence":"additional","affiliation":[{"name":"NEC Corporation"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael J.","family":"Covington","sequence":"additional","affiliation":[{"name":"Intel Corporation"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ravi","family":"Sandhu","sequence":"additional","affiliation":[{"name":"University of Texas at San Antonio and TriCipher Inc."}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2008,2,5]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2004.10.006"},{"key":"e_1_2_1_2_1","volume-title":"Extreme Programming Explained: Embrace Change","author":"Beck K."},{"key":"e_1_2_1_3_1","volume-title":"Secure computer systems: Mathematical foundations and model. Tech. rep","author":"Bell D. E."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/990036.990056"},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the 1st Workshop on Economics of Peer-to-Peer Systems. http:\/\/www.bittorrent.com\/bittorrentecon.pdf.","author":"Cohen B.","year":"2003"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/373256.373258"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/11734666_17"},{"key":"e_1_2_1_8_1","unstructured":"DB4Object. http:\/\/www.db4o.com\/.  DB4Object. http:\/\/www.db4o.com\/."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/360051.360056"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/288090.288111"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1177\/109434200101500302"},{"key":"e_1_2_1_12_1","unstructured":"Johnston W. E. 2002. The computing and data grid approach: Infrastructure for distributed science applications. Computing the Informatics. Special Issue on Grid Computing.  Johnston W. E. 2002. The computing and data grid approach: Infrastructure for distributed science applications. Computing the Informatics. Special Issue on Grid Computing."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2004.53"},{"key":"e_1_2_1_14_1","volume-title":"Proceedings of the 4th International Workshop on Grid Computing.","author":"Lorch M."},{"key":"e_1_2_1_15_1","unstructured":"mod_dav. a DAV module for Apache http:\/\/www.webdav.org\/mod_dav\/.  mod_dav. a DAV module for Apache http:\/\/www.webdav.org\/mod_dav\/."},{"key":"e_1_2_1_16_1","unstructured":"OASIS XACML. Core Specification: eXtensible Access Control Markup Language (XACML). OASIS XACML.  OASIS XACML. Core Specification: eXtensible Access Control Markup Language (XACML). OASIS XACML."},{"key":"e_1_2_1_17_1","unstructured":"OpenLDAP. http:\/\/www.openldap.org\/.  OpenLDAP. http:\/\/www.openldap.org\/."},{"key":"e_1_2_1_18_1","unstructured":"OpenSSL. http:\/\/www.openssl.org\/.  OpenSSL. http:\/\/www.openssl.org\/."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/984334.984339"},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of the Annual IFIP WG 11.3 Working Conference on Data and Applications Security. Sitges","author":"Park J."},{"key":"e_1_2_1_22_1","volume-title":"Proceedings of the Annual Computer Security Applications Conference","author":"Park J. S."},{"key":"e_1_2_1_23_1","volume-title":"Proceedings of IEEE Workshop on Policies for Distributed Systems and Networks.","author":"Pearlman L."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030125"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.241422"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/344287.344309"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1128817.1128820"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2005.185"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102130"},{"key":"e_1_2_1_30_1","unstructured":"Subversion. http:\/\/subversion.tigris.org\/.  Subversion. http:\/\/subversion.tigris.org\/."},{"key":"e_1_2_1_31_1","unstructured":"TCG MTM. 2006. Mobile trusted module specification https:\/\/www.trustedcomputinggroup. org\/specs\/mobilephone\/tcg-mobile-trusted-m odule-0.9.pdf.  TCG MTM. 2006. Mobile trusted module specification https:\/\/www.trustedcomputinggroup. org\/specs\/mobilephone\/tcg-mobile-trusted-m odule-0.9.pdf."},{"key":"e_1_2_1_32_1","unstructured":"TCG TPM. 2003. Main part 1 design principles specification version 1.2 https:\/\/www. trustedcomputinggroup.org.  TCG TPM. 2003. Main part 1 design principles specification version 1.2 https:\/\/www. trustedcomputinggroup.org."},{"key":"e_1_2_1_33_1","volume-title":"Proceedings of the 11th IFIP WG 11.3 Working Conference on Database and Application Security. Published as Database Security XI: Status and Prospects. T. Y. Lin and X. Qian, Eds. North-Holland.","author":"Thomas R."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/950191.950196"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1057977.1057979"},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing","author":"Welch V."},{"key":"e_1_2_1_37_1","unstructured":"XACML. Sun's XACML implementation http:\/\/sunxacml.sourceforge.net\/.  XACML. Sun's XACML implementation http:\/\/sunxacml.sourceforge.net\/."},{"key":"e_1_2_1_38_1","volume-title":"Proceedings of the 4th International Workshop on Grid Computing.","author":"Zhang G."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1108906.1108908"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1330295.1330298","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1330295.1330298","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T14:47:31Z","timestamp":1750258051000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1330295.1330298"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,2]]},"references-count":38,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2008,2]]}},"alternative-id":["10.1145\/1330295.1330298"],"URL":"https:\/\/doi.org\/10.1145\/1330295.1330298","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2008,2]]},"assertion":[{"value":"2006-11-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2007-06-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-02-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}