Abstract
Data usage control provides mechanisms for data owners to remain in control over how their data is used after it has been shared. Many data usage policies can only be enforced on a global scale, as they refer to data usage events happening within multiple distributed systems: ‘not more than three employees may ever read this document’, or ‘no copy of this document may be modified after it has been archived’. While such global policies can be enforced by a centralized enforcement infrastructure that observes all data usage events in all relevant systems, such a strategy involves heavy communication. We show how the overall coordination overhead can be reduced by deploying a decentralized enforcement infrastructure. Our contributions are: (i) a formal distributed data usage control system model; (ii) formal methods for identifying all systems relevant for evaluating a given policy; (iii) identification of situations in which no coordination between systems is necessary without compromising policy enforcement; (iv) proofs of correctness of (ii) and (iii).
© 2014 Springer International Publishing Switzerland
Cite this paper
Kelbert, F., Pretschner, A. (2014). Decentralized Distributed Data Usage Control. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds) Cryptology and Network Security. CANS 2014. Lecture Notes in Computer Science, vol 8813. Springer, Cham. https://doi.org/10.1007/978-3-319-12280-9_23
DOI: https://doi.org/10.1007/978-3-319-12280-9_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12279-3
Online ISBN: 978-3-319-12280-9
eBook Packages: Computer Science, Computer Science (R0)