A Fully Decentralized Data Usage Control Enforcement Infrastructure

Distributed data usage control enables data owners to constrain how their data is used by remote entities. However, many data usage policies refer to events happening within several distributed systems, e.g. “at each point in time at most two clerks might have a local copy of this contract”, or “a contract must be approved by at least two clerks before it is sent to the customer”. While such policies can intuitively be enforced using a centralized infrastructure, major drawbacks are that such solutions constitute a single point of failure and that they are expected to cause heavy communication and performance overhead. Hence, we present the first fully decentralized infrastructure for the preventive enforcement of data usage policies. We provide a thorough evaluation of our infrastructure and show in which scenarios it is superior to a centralized approach.
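To make the two example policies concrete, the following added example (written for this page, not code from the paper) shows a preventive reference monitor that decides allow/deny for each event before it takes effect; the abstract does not describe the paper's decentralized mechanism, so this single-monitor view, its event names and the sample trace are constructed assumptions.

```python
from dataclasses import dataclass, field

MAX_COPIES = 2      # policy 1: at most two clerks hold a local copy at any time
MIN_APPROVALS = 2   # policy 2: at least two distinct clerks approve before sending


@dataclass
class ContractState:
    holders: set = field(default_factory=set)    # clerks currently holding a copy
    approvers: set = field(default_factory=set)  # distinct clerks who approved


class PreventiveMonitor:
    """Decides whether an event is permitted; state changes only on allow.
    Hypothetical event vocabulary: copy, delete, approve, send."""

    def __init__(self):
        self.contracts = {}

    def _state(self, contract):
        return self.contracts.setdefault(contract, ContractState())

    def decide(self, event, clerk, contract):
        st = self._state(contract)
        if event == "copy":
            if clerk in st.holders:
                return True          # already holds a copy; nothing new is created
            if len(st.holders) >= MAX_COPIES:
                return False         # a third simultaneous copy violates policy 1
            st.holders.add(clerk)
            return True
        if event == "delete":
            st.holders.discard(clerk)
            return True
        if event == "approve":
            st.approvers.add(clerk)  # set semantics: one clerk approving twice counts once
            return True
        if event == "send":
            return len(st.approvers) >= MIN_APPROVALS  # policy 2 is checked here
        raise ValueError(f"unknown event {event!r}")


def run_trace(trace):
    """Replay (event, clerk, contract) tuples through one monitor; return decisions."""
    mon = PreventiveMonitor()
    return [mon.decide(*ev) for ev in trace]


# Constructed sample trace (illustration only, not data from the paper).
SAMPLE_TRACE = [
    ("copy", "alice", "c1"), ("copy", "bob", "c1"), ("copy", "carol", "c1"),
    ("delete", "alice", "c1"), ("copy", "carol", "c1"),
    ("approve", "bob", "c1"), ("send", None, "c1"),
    ("approve", "bob", "c1"), ("send", None, "c1"),
    ("approve", "carol", "c1"), ("send", None, "c1"),
]
```

Note that every decision depends on state gathered from events of several clerks, which is exactly why a centralized monitor needs global state and why distributing it is the non-trivial part the paper addresses.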
