UCON+: Comprehensive Model, Architecture and Implementation for Usage Control and Continuous Authorization

In highly dynamic and distributed computing environments (e.g., Cloud, Internet of Things (IoT), mobile, edge), robust access and usage control of assets is crucial. Since assets can be replicated in various locations on heterogeneous platforms and dynamic networks with unknown or partially authenticated users, the need for a uniform control mechanism is essential. The theory of Usage Control (UCON) is an example of such a mechanism to regulate access and usage of resources based on expressive polices and a loosely-coupled enforcement technology. However, in complex socio-technical systems, concerns about scalability, performance, modularity often arise, and existing UCON models and frameworks cannot meet such requirements. To tackle these concerns, we introduce UCON+, an improvement over existing UCON models, which adds continuous monitoring before granting and after revoking authorizations as well as policy administration and delegation. This chapter aggregates our recent contributions on the conceptual, architectural, and implementation level of UCON+, and provides a comprehensive reference to describe the current state-of-the-art and the novelties of UCON+.