Decentralized Distributed Data Usage Control

  • Conference paper
Cryptology and Network Security (CANS 2014)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8813)

Abstract

Data usage control provides mechanisms for data owners to remain in control over how their data is used after it has been shared. Many data usage policies can only be enforced on a global scale, as they refer to data usage events happening within multiple distributed systems: ‘not more than three employees may ever read this document’, or ‘no copy of this document may be modified after it has been archived’. While such global policies can be enforced by a centralized enforcement infrastructure that observes all data usage events in all relevant systems, such a strategy involves heavy communication. We show how the overall coordination overhead can be reduced by deploying a decentralized enforcement infrastructure. Our contributions are: (i) a formal distributed data usage control system model; (ii) formal methods for identifying all systems relevant for evaluating a given policy; (iii) identification of situations in which no coordination between systems is necessary without compromising policy enforcement; (iv) proofs of correctness of (ii, iii).

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Kelbert, F., Pretschner, A. (2014). Decentralized Distributed Data Usage Control. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds) Cryptology and Network Security. CANS 2014. Lecture Notes in Computer Science, vol 8813. Springer, Cham. https://doi.org/10.1007/978-3-319-12280-9_23

  • DOI: https://doi.org/10.1007/978-3-319-12280-9_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12279-3

  • Online ISBN: 978-3-319-12280-9

  • eBook Packages: Computer Science, Computer Science (R0)