Skip to main content
SpringerLink
Log in
Book cover

International Conference on Trust, Privacy and Security in Digital Business

TrustBus 2007: Trust, Privacy and Security in Digital Business pp 83–93Cite as

Usage Control in Service-Oriented Architectures

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4657))

Abstract

Usage control governs the handling of sensitive data after it has been given away. The enforcement of usage control requirements is a challenge because the service requester in general has no control over the service provider’s information processing devices. We analyze applicable trust models, conclude that observation-based enforcement is often more appropriate than enforcement by direct control over the service provider’s actions, and present a logical architecture that blends both forms of enforcement with the business logics of service-oriented architectures.

This work was done while A. Pretschner was on leave at the universities of Trento and Innsbruck—support by the Bolzano Innsbruck Trento Joint School for Information Technology is gratefully acknowledged. F. Massacci was supported by the EU-funded S3MS project.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Karjoth, G., Pfitzmann, B., Schunter, M., Waidner, M.: Service-oriented Assurance - Comprehensive Security by Explicit Assurances. In: Proc. of QoP 2005 (2005)

    Google Scholar 

  2. Karabulut, Y., Kerschbaum, F., Massacci, F., Robinson, P., Yautsiukhin, A.: Security and Trust in IT Business Outsourcing: a Manifesto. In: Proc. STM. ENTCS (2006)

    Google Scholar 

  3. Goth, G.: The ins and outs of it outsourcing. IT Professional 1, 11–14 (1999)

    Google Scholar 

  4. Schaad, A., Moffett, J.: Delegation of Obligations. In: Proc. POLICY, pp. 25–35 (2002)

    Google Scholar 

  5. Bettini, C., Jajodia, S., Wang, X.S., Wijesekera, D.: Provisions and obligations in policy rule management. J. Network and System Mgmt. 11(3), 351–372 (2003)

    Article  Google Scholar 

  6. Park, J., Sandhu, R.: The UCON ABC Usage Control Model. ACM Transactions on Information and Systems Security 7, 128–174 (2004)

    Article  Google Scholar 

  7. Pretschner, A., Hilty, M., Basin, D.: Distributed Usage Control. CACM 49(9), 39–44 (2006)

    Google Scholar 

  8. Hilty, M., Pretschner, A., Schaefer, C., Walter, T.: A System Model and a Policy Language for Distributed Usage Control. Technical Report I-ST-20, DoCoMo (2006)

    Google Scholar 

  9. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic DBs. In: VLDB, pp. 143–154 (2002)

    Google Scholar 

  10. Karjoth, G., Schunter, M., Waidner, M.: Platform for Enterprise Privacy Practices: Privacy-enabled Management of Customer Data. In: Proc. PET, pp. 69–84 (2002)

    Google Scholar 

  11. W3C: The Platform for Privacy Preferences 1.1 (P3P1.1) Spec., Working Draft (2005)

    Google Scholar 

  12. Wang, X., Lao, G., DeMartini, T., Reddy, H., Nguyen, M., Valenzuela, E.: XrML–eXtensible rights Markup Language. In: Proc. XMLSEC, pp. 71–79 (2002)

    Google Scholar 

  13. Iannella, R.: Open Digital Rights Language - Version 1.1 (2002), odrl.net/1.1/ODRL-11.pdf

  14. Ligatti, J., Bauer, L., Walker, D.: Edit Automata: Enforcement Mechanisms for Run-time Security Policies. International Journal of Information Security 4(1-2), 2–16 (2005)

    Article  Google Scholar 

  15. Hilty, M., Pretschner, A., Schaefer, C., Walter, T.: Enforcement for Usage Control—An Overview of Control Mechanisms. Technical Report I-ST-18, DoCoMo EuroLabs (2006)

    Google Scholar 

  16. Filman, R., Elrad, T., Clarke, S., Aksit, M.: Aspect-Oriented SW Development (2004)

    Google Scholar 

  17. Erlingsson, U., Schneider, F.: SASI enforcement of security policies: A retrospective. In: Proc. New Security Paradigms Workshop, pp. 87–95 (1999)

    Google Scholar 

  18. Bauer, L., Ligatti, J., Walker, D.: Composing Security Policies with Polymer. In: Proc. ACM SIGPLAN Conf. on Programming Language Design and Implementation, pp. 305–314. ACM Press, New York (2005)

    Google Scholar 

  19. Zhang, X., Chen, S., Sandhu, R.: Enhancing Data Authentity and Integrity in P2P Systems. IEEE Internet Computing 9(6), 18–25 (2005)

    Article  Google Scholar 

  20. Sandhu, R., Zhang, X.: Peer-to-peer access control architecture using trusted computing technology. In: SACMAT, pp. 147–158 (2005)

    Google Scholar 

  21. van Oorschot, P.: Revisiting software protection. In: Proc. IST, pp. 1–13 (2003)

    Google Scholar 

  22. van Oorschot, P.: SW protection and application security: understanding the battleground. In: State of the art and evolution of computer security and industrial cryptography (2003)

    Google Scholar 

  23. W3C: A P3P Preference Exchange Language 1.0 (APPEL1.0) (2002)

    Google Scholar 

  24. Backes, M., Pfitzmann, B., Schunter, M.: A toolkit for managing enterprise privacy policies. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 162–180. Springer, Heidelberg (2003)

    Google Scholar 

  25. Povey, D.: Optimistic security: a new access control paradigm. In: Proc. workshop on new security paradigms, pp. 40–45 (1999)

    Google Scholar 

  26. Hilty, M., Basin, D., Pretschner, A.: On obligations. In: Proc. ESORICS, pp. 98–117 (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Security, ETH Zürich, Switzerland

    Alexander Pretschner & Manuel Hilty

  2. Dept. of Information and Communication Technology, Università degli Studi di Trento, Italy

    Fabio Massacci

Authors
  1. Alexander Pretschner
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fabio Massacci
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Manuel Hilty
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Costas Lambrinoudakis Günther Pernul A Min Tjoa

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pretschner, A., Massacci, F., Hilty, M. (2007). Usage Control in Service-Oriented Architectures. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-74409-2_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74408-5

  • Online ISBN: 978-3-540-74409-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation