Abstract
Data usage control enables data owners to enforce policies over how their data may be used after they have been released and accessed. We address distributed aspects of this problem, which arise if the protected data reside within multiple systems. We contribute by formalizing, implementing, and evaluating a fully decentralized system that (i) generically and transparently tracks protected data across systems, (ii) propagates data usage policies along, and (iii) efficiently and preventively enforces policies in a decentralized manner. The evaluation shows that (i) dataflow tracking and policy propagation achieve a throughput of 21--54% of native execution and (ii) decentralized policy enforcement outperforms a centralized approach in many situations.
Data Usage Control for Distributed Systems