Decentralized Distributed Data Usage Control

Data usage control provides mechanisms for data owners to remain in control over how their data is used after it has been shared. Many data usage policies can only be enforced on a global scale, as they refer to data usage events happening within multiple distributed systems: 'not more than three employees may ever read this document', or 'no copy of this document may be modified after it has been archived'. While such global policies can be enforced by a centralized enforcement infrastructure that observes all data usage events in all relevant systems, such a strategy incurs heavy communication overhead. We show how the overall coordination overhead can be reduced by deploying a decentralized enforcement infrastructure. Our contributions are: (i) a formal distributed data usage control system model; (ii) formal methods for identifying all systems relevant for evaluating a given policy; (iii) identification of situations in which no coordination between systems is necessary without compromising policy enforcement; (iv) proofs of correctness of (ii) and (iii).
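The two example policies above and the centralized-versus-decentralized trade-off can be made concrete with a small simulation. The following Python is an added illustration, not code from the paper: it models a constructed event trace across three systems, evaluates the two policies from the abstract over it, and compares a central policy decision point that receives every event against local evaluation that only coordinates with systems holding a copy of the affected data item. The data-flow tracking (copies created by a `transfer` event), the message-counting model (one query per other relevant system and event) and the identifiers `s1`/`d1` are all assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    system: str   # system on which the event was observed
    action: str   # "read", "modify", "archive" or "transfer"
    doc: str      # data item the event refers to
    subject: str  # employee performing it, or target system for "transfer"


# Constructed sample trace (assumption: events are globally ordered).
TRACE = [
    Event("s1", "read", "d1", "alice"),
    Event("s1", "transfer", "d1", "s2"),    # a copy of d1 now also exists on s2
    Event("s2", "read", "d1", "bob"),
    Event("s1", "archive", "d1", "alice"),
    Event("s2", "modify", "d1", "carol"),   # copy modified after archiving: breaks P2
    Event("s3", "read", "d2", "dave"),      # d2 only ever lives on s3
    Event("s3", "read", "d2", "erin"),
    Event("s2", "read", "d1", "carol"),
    Event("s2", "read", "d1", "dave"),      # fourth distinct reader of d1: breaks P1
]


def holders(trace, doc):
    """Systems holding a copy of doc after the given trace prefix.

    Assumed data-flow model: a document lives where it was observed, and a
    'transfer' event creates a copy on the target system.
    """
    systems = set()
    for ev in trace:
        if ev.doc != doc:
            continue
        systems.add(ev.system)
        if ev.action == "transfer":
            systems.add(ev.subject)
    return systems


def p1_readers_bounded(events, doc, limit=3):
    """'Not more than three employees may ever read this document'."""
    readers = {e.subject for e in events if e.doc == doc and e.action == "read"}
    return len(readers) <= limit


def p2_no_modify_after_archive(events, doc):
    """'No copy of this document may be modified after it has been archived'."""
    archived = False
    for e in events:
        if e.doc != doc:
            continue
        if e.action == "archive":
            archived = True
        elif e.action == "modify" and archived:
            return False
    return True


POLICIES = [("P1", p1_readers_bounded), ("P2", p2_no_modify_after_archive)]


def enforce_centralized(trace, policies):
    """Every event is reported to one central PDP (one message per event),
    which evaluates all policies over everything it has seen so far."""
    messages, violations = 0, set()
    for i, ev in enumerate(trace, 1):
        messages += 1
        seen = trace[:i]
        for name, check in policies:
            if not check(seen, ev.doc):
                violations.add((name, ev.doc))
    return messages, sorted(violations)


def enforce_decentralized(trace, policies):
    """Each event is evaluated by the local PDP of the system it occurred on.
    Only systems holding a copy of the affected document are relevant; the
    local PDP queries each of them once (assumed cost model). If the document
    exists on one system only, no coordination is needed at all."""
    messages, violations = 0, set()
    for i, ev in enumerate(trace, 1):
        seen = trace[:i]
        relevant = holders(seen, ev.doc)
        messages += len(relevant - {ev.system})
        visible = [e for e in seen if e.system in relevant]
        for name, check in policies:
            if not check(visible, ev.doc):
                violations.add((name, ev.doc))
    return messages, sorted(violations)


if __name__ == "__main__":
    print("centralized  :", enforce_centralized(TRACE, POLICIES))
    print("decentralized:", enforce_decentralized(TRACE, POLICIES))
```

Both strategies detect the same two violations, but the decentralized run exchanges 6 messages instead of 9 because the events on `d2`, which never leaves `s3`, are decided locally without any coordination; the saving grows with the share of data items that stay on a single system.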
