Abstract
It is of utmost importance to maintain digital sovereignty in the context of Industry 4.0 and data-driven business models. As data itself becomes a valuable asset, this is a challenge that many companies have to face. This is particularly true as data sharing with third parties is a mandatory component of many modern business models. For its participants, the International Data Spaces (IDS) provide an ecosystem that supports the establishment and protection of their digital sovereignty. In this extended paper, we present the requirements in the area of usage control that have emerged from the IDS. We recapitulate the current state of the domain-specific language D\(^\circ \), which has usage control mechanisms as a core functionality. We then introduce extensions to the policy system of D\(^\circ \) and the language itself to meet these requirements. We demonstrate how the policy system can be extended by label-based mechanisms in order to increase the expressiveness of the policy system. These mechanisms can be used to attach metadata to data as well as other language components of D\(^\circ \) and therefore allow easy tracing of data and sharing of information between language components such as policies. We introduce a mechanism to D\(^\circ \) that allows to dynamically map external identifiers (like the ones used in the IDS) to those used in D\(^\circ \). This allows D\(^\circ \) to be combined with other usage control solutions as it facilitates the use of global identities that exceed D\(^\circ \).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Akyürek, H., et al.: IDS information model v4.0.0 (2020). https://github.com/International-Data-Spaces-Association/InformationModel/releases/tag/v4.0.0
Anderson, A., et al.: Extensible access control markup language (XACML) version 1.0. OASIS (2003)
Austin, T.H., Yang, J., Flanagan, C., Solar-Lezama, A.: Faceted execution of policy-agnostic programs. In: Proceedings of the Eighth ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, pp. 15–26 (2013)
Barthe, G., Naumann, D.A., Rezk, T.: Deriving an information flow checker and certifying compiler for Java. In: 2006 IEEE Symposium on Security and Privacy (S&P 2006), pp. 229–242 (2006)
Bruckner, F., Pampus, J., Howar, F.: A framework for creating policy-agnostic programming languages. In: Hammoudi, S., Quix, C., Bernardino, J. (eds.) Proceedings of the 9th International Conference on Data Science, Technology and Applications, DATA 2020, Lieusaint, Paris, France, 7–9 July 2020, pp. 31–42. SciTePress (2020). https://doi.org/10.5220/0009782200310042
Eitel, A., et al.: Usage Control in International Data Spaces: Version 2.0 (2019). https://www.internationaldataspaces.org/wp-content/uploads/2019/11/Usage-Control-in-IDS-V2.0_final.pdf
Jarke, M., Otto, B., Ram, S.: Data sovereignty and data space ecosystems. Bus. Inf. Syst. Eng. 61(5), 549–550 (2019). https://doi.org/10.1007/s12599-019-00614-2
Jeager, T.: Managing access control complexity using metrices. In: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, SACMAT 2001, pp. 131–139. Association for Computing Machinery, New York (2001). https://doi.org/10.1145/373256.373283
Jung, C., Eitel, A., Schwarz, R.: Enhancing cloud security with context-aware usage control policies. In: GI-Jahrestagung, pp. 211–222 (2014)
Katt, B., Zhang, X., Breu, R.: A general obligation model and continuity: enhanced policy enforcement engine for usage control. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 123–132 (2008)
Kosar, T., Martı, P.E., Barrientos, P.A., Mernik, M., et al.: A preliminary study on various implementation approaches of domain-specific language. Inf. Softw. Technol. 50(5), 390–405 (2008)
Lazouski, A., Martinelli, F., Mori, P.: Usage control in computer security: a survey. Comput. Sci. Rev. 4(2), 81–99 (2010). https://doi.org/10.1016/j.cosrev.2010.02.002
Myers, A.C.: JFlow: practical mostly-static information flow control. In: Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 228–241 (1999)
Otto, B., Jarke, M.: Designing a multi-sided data platform: findings from the International Data Spaces case. Electr. Mark. 29(4), 561–580 (2019)
Park, J.: Usage control: a unified framework for next generation access control. Dissertation, George Mason University, Virginia (2003)
Park, J., Sandhu, R.S.: The UCON ABC usage control model. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(1), 128–174 (2004)
Park, J., Zhang, X., Sandhu, R.S.: Attribute mutability in usage control. In: Research Directions in Data and Applications Security, vol. XVIII, pp. 15–29 (2004)
Polikarpova, N., Yang, J., Itzhaky, S., Hance, T., Solar-Lezama, A.: Enforcing information flow policies with type-targeted program synthesis. In: Proceedings of the ACM on Programming Languages, vol. 1 (2018)
Rajkumar, P.V., Ghosh, S.K., Dasgupta, P.: Application specific usage control implementation verification. Int. J. Netw. Secur. Appl. 1(3), 116–128 (2009)
Sandhu, R.S., Park, J.: Usage control: a vision for next generation access control. In: International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, pp. 17–31 (2003)
Schuette, J., Brost, G.S.: LUCON: data flow control for message-based IoT systems. In: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), pp. 289–299 (2018)
Visser, E.: WebDSL: a case study in domain-specific language engineering. In: Lämmel, R., Visser, J., Saraiva, J. (eds.) GTTSE 2007. LNCS, vol. 5235, pp. 291–373. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88643-3_7
Yang, J.: Preventing information leaks with policy-agnostic programming. Dissertation, Massachusetts Institute of Technology, Massachusett (2015)
Yang, J., Yessenov, K., Solar-Lezama, A.: A language for automatically enforcing privacy policies. ACM SIGPLAN Not. 47(1), 85–96 (2012)
Zdancewic, S.: Challenges for information-flow security. In: Proceedings of the 1st International Workshop on the Programming Language Interference and Dependence (PLID 2004), pp. 6–11 (2004)
Zolnowski, A., Christiansen, T., Gudat, J.: Business model transformation patterns of data-driven innovations (2016)
Acknowledgments
This work was developed in Fraunhofer-Cluster of Excellence “Cognitive Internet Technologies”.
This research was supported by the Excellence Center for Logistics and IT funded by the Fraunhofer-Gesellschaft and the Ministry of Culture and Science of the German State of North Rhine-Westphalia.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Bruckner, F., Pampus, J., Howar, F. (2021). A Policy-Agnostic Programming Language for the International Data Spaces. In: Hammoudi, S., Quix, C., Bernardino, J. (eds) Data Management Technologies and Applications. DATA 2020. Communications in Computer and Information Science, vol 1446. Springer, Cham. https://doi.org/10.1007/978-3-030-83014-4_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-83014-4_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-83013-7
Online ISBN: 978-3-030-83014-4
eBook Packages: Computer ScienceComputer Science (R0)