A Policy Language for Distributed Usage Control

  • M. Hilty
  • A. Pretschner
  • D. Basin
  • C. Schaefer
  • T. Walter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4734)

Abstract

We present the Obligation Specification Language (OSL), a policy language for distributed usage control. OSL supports the formalization of a wide range of usage control requirements. We also present translations between OSL and two rights expression languages (RELs) from the DRM area. These translations make it possible to use DRM mechanisms to enforce OSL policies. Furthermore, the translations enhance the interoperability of DRM mechanisms and allow us to apply OSL-specific monitoring and analysis tools to the RELs.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • M. Hilty (1)
  • A. Pretschner (1)
  • D. Basin (1)
  • C. Schaefer (2)
  • T. Walter (2)

  1. Information Security, ETH Zurich, Switzerland
  2. DoCoMo Euro-Labs, Munich, Germany
