Deriving implementation-level policies for usage control enforcement

Kumari, Prachi; Pretschner, Alexander

doi:10.1145/2133601.2133612

Cited by 13 publications

(9 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since previous work showed how high-level OSL policies can be translated into technical Event-Condition-Action (ECA) rules ECA rule for enforcement purposes [108,109], this thesis focuses on such ECA rules. While the formal semantics of ECA rules are provided in [106,126], their intuitive semantics are as follows: Once a system event e ∈ S refining the trigger Event trigger event ∈ E (cf.…”

Section: Specification Of Data Usage Policiesmentioning

confidence: 99%

“…to indicate that a certain amount of time has passed. According to [108,109,156,172,174], ECA conditions (Φ) are specified in terms of past linear temporal logics [62,118,133]. Their syntax is specified as:…”

Section: Specification Of Data Usage Policiesmentioning

confidence: 99%

“…Most relevant for this thesis is the work by Kumari et al [106,108,109], which translate high-level specification policies into low-level implementation policies. The motivation is that regular end users aiming to protect their data are usually not capable of writing policies in low-level policy languages.…”

Section: Policy Specificationmentioning

confidence: 99%

See 2 more Smart Citations

Data Usage Control for Distributed Systems

Kelbert

Pretschner

2018

ACM Trans. Priv. Secur.

Self Cite

View full text Add to dashboard Cite

AcknowledgementsMy thanks go to• Prof. Pretschner. For introducing me to the academic world with all its diverse aspects: administrative matters, conferences, discussions, learning, reading, presentations, projects, reviewing, teaching, writing, pain and glory. For letting me work on an interesting thesis topic. For guidance, feedback, liberty, criticism and plaudits.• Prof. Katzenbeisser. For providing feedback on earlier partial results of this thesis.• all co-authors and internal reviewers. Alexander, Dominik, Enrico, Fatemeh, Hervais, Matthias, Mojdeh, Prachi, Saahil, Sebastian, Tobias. For teaching me how to collaboratively write scientific documents and how to cope best with endless discussions, reviews, corrections, rewriting, etc.• all remaining current and former colleagues and collaborators from KIT, TUM, • all project partners from TU Darmstadt, Universität Freiburg, Universität Kassel, Capurro Fiek Stiftung für Informationsethik, Fraunhofer SIT, Google Germany GmbH, Deutsche Post AG, Nokia, IBM, AGT International, DFKI, Seeburger, Stadtwerke Saarlouis. For innumerable interesting and diverse experiences.• all developers and authors of free tools and Q&A websites. For developing and maintaining software such as Eclipse, Firefox, Gimp, Gnome, Gnuplot, Inkscape, LaTeX, LibreOffice, Linux, StackExchange, Thunderbird, and many more.• all friends and family. Which are simply too many to enumerate. For constantly reminding me, both consciously and unconsciously, in countless ways that there is more to life than work and research. AbstractData usage control provides mechanisms for data owners to remain in control over how their data is used after it has been accessed. Corresponding technical solutions are thus applicable in many distinct areas such as the protection of business, military and government secrets, intellectual property, as well as private user data. However, most existing solutions focus on the enforcement of data usage control within single systems and disregard distributed aspects of data usage control, i.e. how the usage of data can be controlled once data has been shared across systems and organizations.In fact, many data usage policies can only be enforced on a global scale, as they refer to data as well as data usage events happening within several distributed systems, e.g. "at each point in time at most two clerks might have a local copy of this contract", or "a contract must be approved by at least two clerks before it is sent to the customer".While such policies can intuitively be enforced using a centralized infrastructure, major drawbacks are that such solutions constitute a single point of failure and that they are expected to cause heavy communication and performance overheads.In order to address these open challenges, this dissertation contributes by providing (i) a formal distributed data usage control system model, and (ii) the first fully decentralized infrastructure for the preventive enforcement of data usage policies. More precisely, the provided model allows to track the f...

show abstract

Section: Specification Of Data Usage Policiesmentioning

confidence: 99%

Section: Specification Of Data Usage Policiesmentioning

confidence: 99%

See 1 more Smart Citation

Data Usage Control for Distributed Systems

Kelbert

Pretschner

2018

ACM Trans. Priv. Secur.

Self Cite

View full text Add to dashboard Cite

show abstract

“…In contrast, the very idea of our work is a more generic approach that relies on instantiated domain meta models; this is the gap in usage control policy refinement that is filled by this work. A modelbased semi-automated approach to usage control policy derivation is described in [6,7]. We build on this work and achieve automated policy derivation.…”

Section: Related Work and Relevancementioning

confidence: 99%

“…Because data and actions on data are specific to an application domain, a three-layered domain meta-model for refining data and actions has been proposed in [6]. This meta-model ( Fig.…”

Section: Introductionmentioning

confidence: 99%

Automated Translation of End User Policies for Usage Control Enforcement

Kumari

Pretschner

2015

Data and Applications Security and Privacy XXIX

Self Cite

View full text Add to dashboard Cite

Abstract. In existing implementations of usage control, policies have been specified at the implementation level by intelligent users who understand the technical details of the systems in place. However, end users who want to protect their data are not always technical experts. So they would like to specify policies in abstract terms which could somehow be translated in a format that technical systems understand. This paper describes a generic and automated policy derivation where end users can specify their usage control requirements in structured natural language sentences, from which system-understandable technical policies are derived and deployed without further human intervention.

show abstract

A Survey on Privacy in Residential Demand Side Management Applications

Karwe

Strüker

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Deriving implementation-level policies for usage control enforcement

Cited by 13 publications

References 39 publications

Data Usage Control for Distributed Systems

Data Usage Control for Distributed Systems

Automated Translation of End User Policies for Usage Control Enforcement

A Survey on Privacy in Residential Demand Side Management Applications

Contact Info

Product

Resources

About