A Trustworthy Usage Control Enforcement Framework

Usage control policies specify restrictions on the handling of data after access has been granted. We present the design and implementation of a framework for enforcing usage control requirements and demonstrate its genericity by instantiating it at two different levels of abstraction: the operating system and an enterprise service bus. The framework consists of a policy language, an automatic conversion of policies into enforcement mechanisms, and a component built on trusted computing technology that makes it possible to detect tampering with the infrastructure. We show how this framework can, among other things, be used to enforce separation-of-duty policies. We provide a performance analysis.
