Generic Semantics Specification and Processing for Inter-System Information Flow Tracking

  • Pascal BirnstillEmail author
  • Christoph Bier
  • Paul Wagner
  • Jürgen Beyerer


Data usually takes different shapes and appears as files, windows, processes’ memory, network connections, etc. Information flow tracking technology keeps an eye on these different representations of a data item. Integrated with a usage control (UC) infrastructure, this allows us to enforce UC requirements on each representation of a protected data item. To enable UC enforcement in distributed settings, we need to be able to track information flows across system boundaries. In this paper, we introduce a state-based information flow model for tracking explicit flows between systems equipped with UC technology. We demonstrate the applicability of our approach by means of an instantiation in the field of video surveillance, where systems are increasingly accessed via insecure mobile applications. Based on usage control and inter-system information flow tracking, we show how video data transmitted from a video surveillance server to mobile clients can be protected against illegitimate duplication and redistribution after receipt.


  1. 1.
    Basin, D. A., Harvan, M., Klaedtke, F., & Zalinescu, E. (2013). Monitoring data usage in distributed systems. IEEE Transactions on Software Engineering, 39(10), 1403–1426.CrossRefGoogle Scholar
  2. 2.
    Demsky, B. (2011). Cross-application data provenance and policy enforcement. ACM Transactions on Information and System Security, 14(1), 6.CrossRefGoogle Scholar
  3. 3.
    Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. N. (2014). Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems, 32(2), 5.CrossRefGoogle Scholar
  4. 4.
    Feth, D., & Pretschner, A. (2012). Flexible data-driven security for android. In 2012 IEEE Sixth International Conference on Software Security and Reliability (SERE) (pp. 41–50). New York: IEEE.CrossRefGoogle Scholar
  5. 5.
    Harvan, M., & Pretschner, A. (2009). State-based usage control enforcement with data flow tracking using system call interposition. In Proceedings of NSS (pp. 373–380).Google Scholar
  6. 6.
    Kelbert, F., & Pretschner, A. (2013). Data usage control enforcement in distributed systems. In Proceedings of CODASPY (pp. 71–82).Google Scholar
  7. 7.
    Kelbert, F., & Pretschner, A. (2014). Decentralized distributed data usage control. In Proceedings of CANS (pp. 353–369).Google Scholar
  8. 8.
    Kim, H. C., Keromytis, A. D., Covington, M., & Sahita, R. (2009). Capturing information flow with concatenated dynamic taint analysis. In Proceedings of ARES (pp. 355–362).Google Scholar
  9. 9.
    Lovat, E. (2015). Cross-layer Data-centric Usage Control. Dissertation, Technische Universität München, München, Germany. Dissecting scanning activities using ip gray space.Google Scholar
  10. 10.
    Lovat, E., & Kelbert, F. (2014). Structure matters - A new approach for data flow tracking. In Proceedings of SPW (IEEE) (pp. 39–43).Google Scholar
  11. 11.
    Lovat, E., Oudinet, J., & Pretschner, A. (2014). On quantitative dynamic data flow tracking. In Proceedings of CODASPY (pp. 211–222).Google Scholar
  12. 12.
    Park, J., & Sandhu, R. S. (2004). The ucon\(_{\mbox{ abc}}\) usage control model. ACM Transactions on Information and System Security, 7(1), 128–174.CrossRefGoogle Scholar
  13. 13.
    Pretschner, A., Hilty, M., & Basin, D. A. (2006). Distributed usage control. Communications of ACM, 49(9), 39–44.CrossRefGoogle Scholar
  14. 14.
    Pretschner, A., Lovat, E., & Büchler, M. (2011). Representation-independent data usage control. In Proceedings of DPM (pp. 122–140).Google Scholar
  15. 15.
    Wüchner, T., & Pretschner, A. (2012). Data loss prevention based on data-driven usage control. In Proceedings of ISSRE (IEEE) (pp. 151–160).Google Scholar
  16. 16.
    Yin, H., Song, D. X., Egele, M., Kruegel, C., & Kirda, E. (2007). Panorama: Capturing system-wide information flow for malware detection and analysis. In Proceedings of CCS (ACM) (pp. 116–127).Google Scholar
  17. 17.
    Zhang, Q., McCullough, J., Ma, J., Schear, N., Vrable, M., Vahdat, A., Snoeren, A. C., Voelker, G. M., & Savage, S. (2010). Neon: system support for derived data management. In Proceedings of VEE (pp. 63–74).Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Pascal Birnstill
    • 1
    Email author
  • Christoph Bier
    • 1
  • Paul Wagner
    • 2
  • Jürgen Beyerer
    • 1
  1. 1.Fraunhofer IOSBKarlsruheGermany
  2. 2.Karlsruhe Institute of TechnologyKarlsruheGermany

Personalised recommendations