Usage control generalizes access control to what happens to data in the future. We contribute to the enforcement of usage control requirements at the level of system calls by also taking data flow into account: restrictions on the dissemination of data, for instance as stipulated by data protection regulations, relate not just to one file containing the data but likely to all copies of that file as well. To enforce the dissemination restrictions on all copies of a sensitive data item, we introduce a data flow model that tracks how the content of a file flows through the system (files, network sockets, main memory). With this model, the existence of potential copies of the data is reflected in the state of the data flow model. This allows us to enforce the dissemination restrictions by relating to the state rather than to all sequences of events that could yield copies. Generalizing this idea, we describe how usage control policies can be expressed in a related state-based manner. Finally, we present an implementation of the data flow model and state-based policy enforcement, as well as first encouraging performance measurements.
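The state-based idea can be shown with a small simulation. This is an added sketch, not the paper's implementation: the event tuples, container names, the `POLICY` shape, the file paths and the choice to treat each process's memory as a single container are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed policy (assumption): data item -> container kinds it must never reach.
POLICY = {"medical-record": {"sock"}}

class FlowMonitor:
    def __init__(self, initial):
        # storage: container -> data items it may hold (an over-approximation)
        self.storage = defaultdict(set)
        for container, items in initial.items():
            self.storage[container] |= set(items)
        self.fds = {}  # (pid, fd) -> container the descriptor names

    def handle(self, event):
        """Apply one system-call event; return True if allowed, False if denied."""
        call, pid, *args = event
        mem = ("mem", pid)
        if call == "open":                      # open(path) -> fd
            fd, path = args
            self.fds[(pid, fd)] = ("file", path)
        elif call == "socket":                  # socket() -> fd
            self.fds[(pid, args[0])] = ("sock", pid, args[0])
        elif call == "read":                    # container -> process memory
            self.storage[mem] |= self.storage[self.fds[(pid, args[0])]]
        elif call == "write":                   # process memory -> container
            target = self.fds[(pid, args[0])]
            # State-based check: consult only what memory may hold right now,
            # not the sequence of events that put it there.
            for item in self.storage[mem]:
                if target[0] in POLICY.get(item, ()):
                    return False                # deny; state is left unchanged
            self.storage[target] |= self.storage[mem]
        return True

# Constructed trace: process 100 copies the record to /tmp/copy, then
# process 200 reads the copy and tries to send it over a socket.
TRACE = [
    ("open", 100, 3, "/home/a/record.txt"), ("read", 100, 3),
    ("open", 100, 4, "/tmp/copy"), ("write", 100, 4),
    ("open", 200, 3, "/tmp/copy"), ("read", 200, 3),
    ("socket", 200, 5), ("write", 200, 5),
]

def run(trace):
    mon = FlowMonitor({("file", "/home/a/record.txt"): {"medical-record"}})
    return [mon.handle(ev) for ev in trace], mon
```

The final `write` is denied even though process 200 never touched the original file: the copy is visible in the state. Because memory is tracked per process, any later write by a process that has read the item is treated as a potential copy.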