"Usage Control: A vision
for next generation access control"
Ravi Sandhu
Professor, Department
of Information and Software Engineering, George
Mason University;
Director, Laboratory for Information Security
Technology.
Co-Founder and Chief Scientist, SingleSignOn.net
Friday, April 16, 2004
11:00 a.m. – 12:00 noon,
David Lawrence Hall, Room 120

Abstract: The term usage control is a generalization
of access control to cover obligations, conditions, ongoing
controls and mutability. Traditionally, access control
has dealt only with authorization decisions on users'
access to target resources. Obligations are requirements
that have to be fulfilled by the subject for allowing
access. Conditions are subject- and object-independent
environmental requirements that have to be satisfied
for access. In today's highly dynamic, distributed environment,
obligations and conditions are also crucial decision
factors for richer and finer controls on usage of digital
resources. Traditional authorization decisions are generally
made at the time of requests but hardly recognize ongoing
controls for relatively long-lived access or for immediate
revocation. Moreover, mutability issues that deal with
updates on related subject or object attributes as a
consequence of access have not been systematically studied.
In this talk we motivate the need for usage control
and show how it encompasses traditional access control,
such as mandatory, discretionary and role-based access
control, and more recent requirements such as trust management,
digital rights management and privacy.

Biography: Dr. Ravi Sandhu is Professor
of Information Security and Assurance and Director of
the Laboratory for Information Security Technology at
George Mason University in Fairfax, Virginia. He also
serves as Chief Scientist of NSD Security in Herndon,
Virginia. He teaches several popular graduate-level security
courses at GMU and has lectured all over the world. He
has published over 150 technical papers on computer security
in refereed journals, conference proceedings and books.
He is the founding editor-in-chief of the ACM Transactions
on Information and Systems Security (TISSEC), and is
security editor for IEEE Internet Computing. He has served
on numerous program and conference committees, and also
as program chair and general chair on several occasions.
He founded the ACM Conference on Computer and Communications
Security and the ACM Symposium on Access Control Models
and Technologies, and is past Chairman of ACM's Special
Interest Group on Security Audit and Control (SIGSAC).
He has provided high-level security consulting services
to numerous private and government organizations. Dr.
Sandhu is a leading authority on authorization, authentication
and access control.
He is a Fellow of the ACM and a Fellow of IEEE.
More information may be found at: http://www.list.gmu.edu/sandhu/