
Generic Semantics Specification and Processing for Inter-System Information Flow Tracking

Chapter in Computer and Network Security Essentials

Abstract

Data usually takes different shapes and appears as files, windows, processes’ memory, network connections, etc. Information flow tracking technology keeps an eye on these different representations of a data item. Integrated with a usage control (UC) infrastructure, this allows us to enforce UC requirements on each representation of a protected data item. To enable UC enforcement in distributed settings, we need to be able to track information flows across system boundaries. In this paper, we introduce a state-based information flow model for tracking explicit flows between systems equipped with UC technology. We demonstrate the applicability of our approach by means of an instantiation in the field of video surveillance, where systems are increasingly accessed via insecure mobile applications. Based on usage control and inter-system information flow tracking, we show how video data transmitted from a video surveillance server to mobile clients can be protected against illegitimate duplication and redistribution after receipt.

Corresponding author

Correspondence to Pascal Birnstill.

Copyright information

© 2018 Springer International Publishing AG

About this chapter

Cite this chapter

Birnstill, P., Bier, C., Wagner, P., Beyerer, J. (2018). Generic Semantics Specification and Processing for Inter-System Information Flow Tracking. In: Daimi, K. (eds) Computer and Network Security Essentials. Springer, Cham. https://doi.org/10.1007/978-3-319-58424-9_25

  • DOI: https://doi.org/10.1007/978-3-319-58424-9_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-58423-2

  • Online ISBN: 978-3-319-58424-9

  • eBook Packages: Engineering, Engineering (R0)
