Access and usage control is a major challenge in information and
computer security in a distributed network connected environment. Many models
have been proposed such as traditional access control and UCONABC. Though these
models have achieved their objectives in some areas, there are some issues both
have not dealt with. The issue of what happens to a resource once it has been
accessed rightfully. In view of this, this paper comes out with how to control
resource usage by a concept known as the package concept. This concept can be
implemented both with internet connection and without the internet connection
to ensure continual control of resource. It packages the various types of resources
with the required policies and obligations that pertain to the use of these
different resources. The package concept of ensuring usage control focuses on
resource by classifying them into three: Intellectual, sensitive and non-sensitive
resources. Also this concept classifies access or right into three as: access
to purchase, access to use temporally online and access to modify. The concept
also uses biometric mechanism such as fingerprints for authentication to check
redistribution of resource and a logic bomb to help ensure the fulfillment of
Cite this paper
P. Ghann, C. Wang and C. Zhou, "The Package Concept for Enforcing Usage Control," Journal of Information Security, Vol. 4 No. 2, 2013, pp. 67-72. doi: 10.4236/jis.2013.42008.
 A. Lazouski, F. Martinelli and P. Mori, “Usage Control in Computer Security, a Survey,” Computer Science Review, Vol. 4, No. 2, 2010, pp. 81-99.
 J. Park and R. Sandhu, “A Usage Control (UCON) Model for Social Network Privacy,” 2010.
 J. Park, X. Zhang and R. S. Sandhu, “Attribute Mutability in Usage Control,” Proceedings of IFIP TC11/WG, Eighteen Annual Conferences on Data and Application Security, Kluwer, Vol. 144, 2004, pp.15-29.
 J. Wu and S. Shimatoto, “Usage Control Based Security Access Scheme for Wireless Sensor Network,” Proceedings of IEEE International Conference on Communication (ICC 2010), Cape Town, 23-27 May 2010, pp. 1-5.
 M. Sastry, R. Krishnan and R. Sandhu, “A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems,” In: Communications in Computer and Information Science, Springer, Berlin, 2007, pp. 153-158.
 R. Alnemr, et al., “Enabling Usage Control Reputation Objects, A Discussion on e-Commerce and Internet of Services Environments,” Journal of Theoretical and Applied Electronic Commerce Research Electronic Version, Vol. 5, No. 2, 2010, pp. 59-79.
 W. Shin and S. B. Yoo, “Secured Web Services Based on Extended Usage Control,” In: PAKDD Workshops, Lecture Notes in Computer Science, Springer, Berlin, 2007, pp. 656-663.
 B. X. Zhao, et al., “Towards a Time—Based Usage Control Model,” W3C Privacy and Data Usage Control Workshop, Cambridge, 2010.
 C. Moucha, E. Lovat and A. Pretschner, “A Virtual Usage Control Bus System,” Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable, Vol. 2 No. 4, 2010, pp. 84-101.
 C. Bettini, S. Jajodia, X. S. Wang and D. Wijesekera, “Obligation Monitoring in Policy Management,” Proceedings of 3rd IEEE International Workshop for Distributed Systems and Networks Policy, Monterey, 2002, pp. 2-12.
 D. Basin, et al., “Monitoring Usage Control Policies in Distributed Systems,” IEEE, 2011, pp. 88-95.
 D. Basin, et al., “MONPOLY: Monitoring Usage Control Policies,” Lecture Notes in Computer Science, Vol. 7186, 2012, pp. 360-364. doi:10.1007/978-3-642-29860-8_27
 E. Maler, “Controlling Data Usage with User—Managed Access (UMA),” W3C Privacy and Data Usage Control Workshop, Cambridge, 2010.
 G. D. Bai, et al., “Context-Aware Usage Control for Android,” 6th international ICST Conference on Security and Privacy in Communication, Singapore, 7-9 September, 2010, pp. 326-343.