Abstract
We present the Obligation Specification Language (OSL), a policy language for distributed usage control. OSL supports the formalization of a wide range of usage control requirements. We also present translations between OSL and two rights expression languages (RELs) from the DRM area. These translations make it possible to use DRM mechanisms to enforce OSL policies. Furthermore, the translations enhance the interoperability of DRM mechanisms and allow us to apply OSL-specific monitoring and analysis tools to the RELs.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Adobe: Portable Document Rights Language (PDRL) Specification (2005), www.adobe.com/devnet/livecycle/policyserver/articles/pdrl.pdf
Backes, M., Pfitzmann, B., Schunter, M.: A toolkit for managing enterprise privacy policies. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 162–180. Springer, Heidelberg (2003)
Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: Framework and applications. In: Proc. of the 2006 IEEE Symposium on Security and Privacy, pp. 184–198. IEEE Computer Society Press, Los Alamitos (2006)
Bettini, C., Jajodia, S., Wang, X.S., Wijesekera, D.: Provisions and obligations in policy rule management. Journal of Network and System Management 11(3), 351–372 (2003)
Chong, C.N., Corin, R.J., Doumen, J.M., Etalle, S., Hartel, P.H., Law, Y.W., Tokmakoff, A.: Licensescript: A logical language for digital rights management. Annals of telecommunications special issue on Network and Information systems security 61(3-4), 284–331 (2006)
Cooper, B., Montague, P.: Translation of rights expressions. In: Proc. the 4th Australasian Information Security Workshop, pp. 137–144 (2005)
Delgado, J., Gallego, I., Llorente, S., Garcá, R.: IPROnto: An Ontology for Digital Rights Management. In: Proc. Jurix 2003: The Sixteenth Annual Conference on Legal Knowledge and Information Systems, pp. 111–120 (2003)
Delgado, J., Prados, J., Rodriguez, E.: A new Approach for Interoperability between ODRL and MPEG-21 REL. In: Proc. 2nd Intl. ODRL Workshop (2005)
García, R., Gil, R., Gallego, I., Delgado, J.: Formalising ODRL Semantics using Web Ontologies. In: Proc. 2nd Intl. ODRL Workshop, pp. 1–10 (2005)
Geer, D.: Digital Rights Technology Sparks Interoperability Concerns. IEEE Computer 37, 20–22 (2004)
Gunter, C.A., Weeks, S.T., Wright, A.K.: Models and languages for digital rights. In: Proc. 34th Annual Hawaii Intl. Conference on System Sciences (2001)
Halpern, J., Weissman, V.: A Formal Foundation for XrML. In: Proc. 17th IEEE Computer Security Foundations Workshop, pp. 251–265. IEEE Computer Society Press, Los Alamitos (2004)
Hilty, M., Pretschner, A., Akeret, F.: Anforderungen für verteilte Nutzungskontrolle. Technical report, Siemens Schweiz AG (November 2005)
Hilty, M., Pretschner, A., Basin, D., Schaefer, C., Walter, T.: Monitors for usage control. In: Proc. Joint iTrust and PST Conferences on Privacy, Trust Management and Security (2007)
Hilty, M., Pretschner, A., Walter, T., Schaefer, C.: A system model and an obligation lanugage for distributed usage control. Technical Report I-ST-20, DoCoMo Euro-Labs (2006)
Hilty, M., Pretschner, A., Walter, T., Schaefer, C.: Usage control requirements in mobile and ubiquitous computing applications. In: Proc. International Conference on Systems and Networks Communication, p. 27 (2006)
Holzer, M., Katzenbeisser, S., Schallhart, C.: Towards a Formal Semantics for ODRL. In: Proc. 1st International workshop on ODRL, pp. 137–148 (2004)
Koenen, R.H., Lacy, J., MacKay, M., Mitchell, S.: The long march to interoperable digital rights management. Proceedings of the IEEE 92(6), 883–897 (2004)
Marlin Developer Community: The Role of Octopus in Marlin (2006), http://www.marlin-community.com/images/wp/RoleofOctopusinMarlin.pdf
Microsoft Corporation: Technical overview of windows rights management services for windows server 2003 (April 2005), available at http://www.microsoft.com/windowsserver2003/techinfo/overview/rmenterprisewp.mspx
Open Mobile Alliance: DRM Architecture (March 2006), available at www.openmobilealliance.org/release_program/drm_v2_0.html
Open Mobile Alliance: DRM Rights Expression Language (March 2006), available at www.openmobilealliance.org/release_program/drm_v2_0.html
Park, J., Sandhu, R.: The UCON ABC Usage Control Model. ACM Transactions on Information and Systems Security 7, 128–174 (2004)
Pnueli, A.: The temporal semantics of concurrent programs. In: Proc. International Sympoisum on Semantics of Concurrent Computation, pp. 1–20 (1979)
Pretschner, A., Hilty, M., Basin, D.: Distributed Usage Control. CACM (September 2006)
Pucella, R., Weissman, V.: A logic for reasoning about digital rights. In: Proc. 15th IEEE Computer Security Foundations Workshop, p. 282. IEEE Computer Society Press, Los Alamitos (2002)
Pucella, R., Weissman, V.: A Formal Foundation for ODRL. In: Proc. Workshop on Issues in the Theory of Security (2004)
Iannella, R. (ed.): Open Digital Rights Language - Version 1.1 (August 2002), odrl.net/1.1/ODRL-11.pdf
Sistla, A.P., Clarke, E.M.: The complexity of propositional linear temporal logics. Journal of the ACM 32(3), 733–749 (1985)
W3C: The Platform for Privacy Preferences 1.1 (P3P1.1) Specification (2005)
Wang, X., Lao, G., DeMartini, T., Reddy, H., Nguyen, M., Valenzuela, E.: XrML – eXtensible rights Markup Language. In: ACM workshop on XML security, pp. 71–79. ACM Press, New York (2002)
Zhang, X., Park, J., Parisi-Presicce, F., Sandhu, R.: A logical specification for usage control. In: Proc. 9th ACM symposium on access control models and technologies, pp. 1–10. ACM Press, New York (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hilty, M., Pretschner, A., Basin, D., Schaefer, C., Walter, T. (2007). A Policy Language for Distributed Usage Control. In: Biskup, J., López, J. (eds) Computer Security – ESORICS 2007. ESORICS 2007. Lecture Notes in Computer Science, vol 4734. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74835-9_35
Download citation
DOI: https://doi.org/10.1007/978-3-540-74835-9_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74834-2
Online ISBN: 978-3-540-74835-9
eBook Packages: Computer ScienceComputer Science (R0)