Abstract
Usage control is concerned with what happens to data after access has been granted. In the literature, usage control models have been defined on the grounds of events that, somehow, are related to data. In order to better cater to the dimension of data, we extend a usage control model by the explicit distinction between data and representations of data. A data flow model is used to track the flow of data between different representations. The usage control model is then extended so that usage control policies can address not just one single representation (e.g., delete file1.txt after thirty days) but rather all representations of the data (e.g., if file1.txt is a copy of file2.txt, also delete file2.txt). We present three proof-of-concept implementations of the model, at the operating system level, at the browser level, and at the X11 level, and also provide an ad-hoc implementation for multi-layer enforcement.
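As an added illustration (not code from the paper), a minimal Python sketch of the data/representation distinction the abstract describes: a storage function maps each container to the data items it holds, copy events propagate data between containers, and a deletion policy stated on data is enforced against every current representation, whereas one stated on a single file touches only that file. The class and function names and the file2.txt/file1.txt/clipboard scenario are constructed assumptions, not the paper's formalisation.

```python
from dataclasses import dataclass, field

@dataclass
class DataFlowState:
    # storage function: representation (container) -> data items it holds
    storage: dict = field(default_factory=dict)

    def create(self, data: str, container: str) -> None:
        self.storage[container] = {data}

    def copy(self, src: str, dst: str) -> None:
        # a copy carries every data item of src into dst; dst keeps its own items
        self.storage.setdefault(dst, set()).update(self.storage.get(src, set()))

    def representations_of(self, data: str) -> set:
        return {c for c, items in self.storage.items() if data in items}

    def delete(self, container: str) -> None:
        self.storage.pop(container, None)

def enforce_representation_policy(state, container, age_days, max_days):
    """'Delete <container> after <max_days> days': acts on one representation only."""
    if age_days < max_days:
        return set()
    state.delete(container)
    return {container}

def enforce_data_policy(state, data, age_days, max_days):
    """'Delete <data> after <max_days> days': acts on every current representation."""
    if age_days < max_days:
        return set()
    targets = state.representations_of(data)
    for c in targets:
        state.delete(c)
    return targets

def demo():
    # constructed scenario: data item D is created in file2.txt, then copied to
    # file1.txt and (via the window system) into the clipboard
    def fresh():
        s = DataFlowState()
        s.create("D", "file2.txt")
        s.copy("file2.txt", "file1.txt")
        s.copy("file1.txt", "clipboard")
        return s
    s1, s2 = fresh(), fresh()
    by_repr = enforce_representation_policy(s1, "file1.txt", 30, 30)
    by_data = enforce_data_policy(s2, "D", 30, 30)
    return by_repr, s1.representations_of("D"), by_data, s2.representations_of("D")
```

After the representation-level policy fires, D still lives on in file2.txt and the clipboard; the data-level policy removes all three.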
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Pretschner, A., Lovat, E., Büchler, M. (2012). Representation-Independent Data Usage Control. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds) Data Privacy Management and Autonomous Spontaneus Security. DPM/SETOP 2011. Lecture Notes in Computer Science, vol 7122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28879-1_9
DOI: https://doi.org/10.1007/978-3-642-28879-1_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28878-4
Online ISBN: 978-3-642-28879-1