Data-centric multi-layer usage control enforcement: a social network example

  • Authors: Enrico Lovat; Alexander Pretschner
  • Affiliations: Karlsruhe Institute of Technology, Karlsruhe, Germany; Karlsruhe Institute of Technology, Karlsruhe, Germany
  • Venue: Proceedings of the 16th ACM symposium on Access control models and technologies
  • Year: 2011

Abstract

Usage control is concerned with how data is used after access to it has been granted. Data may exist in multiple representations which potentially reside at different layers of abstraction, including operating system, window manager, application level, DBMS, etc. Consequently, enforcement mechanisms need to be implemented at different layers, in order to monitor and control data at and across all of them. We present an architecture for usage control enforcement mechanisms that cater to the data dimension, grasping the distinction between data (e.g., a picture or a song) and its representations within the system (e.g., a file, a window, a network packet, etc.). We then show three exemplary instantiations at the level of operating system, application, and windowing system. Our mechanisms enforce data-related policies simultaneously at the respective levels, offering a concrete multi-layer enforcement and laying the grounds for a combined inter-layer usage control enforcement. In this demo, we consider a use case from a social network scenario. A user can, on the grounds of assigned trust values, protect his data from being misused after having been downloaded by other users. In particular, our mechanisms prevent sensitive data in the browser window from being printed, saved or copied to the system clipboard, avoid direct access to the cached copy of the file and forbid taking a screenshot of the window where data is shown.