A Trustworthy Usage Control Enforcement Framework
International Journal of Mobile Computing and Multimedia Communications
On quantitative dynamic data flow tracking
Proceedings of the 4th ACM conference on Data and application security and privacy
| Hi-index | 0.00 |
Usage control policies specify restrictions on the handling of data after access has been granted. We present the design and implementation of a framework for enforcing usage control requirements and demonstrate its genericity by instantiating it to two different levels of abstraction, those of the operating system and an enterprise service bus. This framework consists of a policy language, an automatic conversion of policies into enforcement mechanisms, and technology implemented on the grounds of trusted computing technology that makes it possible to detect tampering with the infrastructure. We show how this framework can, among other things, be used to enforce separation-of-duty policies. We provide a performance analysis.