Proceedings of the 2008 ACM symposium on Information, computer and communications security
State-Based Usage Control Enforcement with Data Flow Tracking using System Call Interposition
NSS '09 Proceedings of the 2009 Third International Conference on Network and System Security
Distributed data usage control for web applications: a social network implementation
Proceedings of the first ACM conference on Data and application security and privacy
Deriving implementation-level policies for usage control enforcement
Proceedings of the second ACM conference on Data and Application Security and Privacy
Representation-Independent data usage control
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Data usage control enforcement in distributed systems
Proceedings of the third ACM conference on Data and application security and privacy
Hi-index | 0.00 |
Usage control is concerned with how data is used after access to it has been granted. Data may exist in multiple representations which potentially reside at different layers of abstraction, including operating system, window manager, application level, DBMS, etc. Consequently, enforcement mechanisms need to be implemented at different layers, in order to monitor and control data at and across all of them. We present an architecture for usage control enforcement mechanisms that cater to the data dimension, grasping the distinction between data (e.g a picture or a song) and its representations within the system (e.g a file, a window, a network packet, etc.). We then show three exemplary instantiations at the level of operating system, application, and windowing system. Our mechanisms enforce data-related policies simultaneously at the respective levels, offering a concrete multi-layer enforcement and laying the grounds for a combined inter-layer usage control enforcement. In this demo, we consider a use case from a social network scenario. A user can, on the grounds of assigned trust values, protect his data from being misused after having been downloaded by other users. In particular, our mechanisms prevent sensitive data in the browser window from being printed, saved or copied to the system clipboard, avoid direct access to the cached copy of the file and forbid taking a screenshot of the window where data is shown.