skip to main content
10.1145/1998441.1998467acmconferencesArticle/Chapter ViewAbstractPublication PagessacmatConference Proceedingsconference-collections
demonstration

Data-centric multi-layer usage control enforcement: a social network example

Published: 15 June 2011 Publication History

Abstract

Usage control is concerned with how data is used after access to it has been granted. Data may exist in multiple representations which potentially reside at different layers of abstraction, including operating system, window manager, application level, DBMS, etc. Consequently, enforcement mechanisms need to be implemented at different layers, in order to monitor and control data at and across all of them.
We present an architecture for usage control enforcement mechanisms that cater to the data dimension, grasping the distinction between data (e.g a picture or a song) and its representations within the system (e.g a file, a window, a network packet, etc.). We then show three exemplary instantiations at the level of operating system, application, and windowing system. Our mechanisms enforce data-related policies simultaneously at the respective levels, offering a concrete multi-layer enforcement and laying the grounds for a combined inter-layer usage control enforcement.
In this demo, we consider a use case from a social network scenario. A user can, on the grounds of assigned trust values, protect his data from being misused after having been downloaded by other users. In particular, our mechanisms prevent sensitive data in the browser window from being printed, saved or copied to the system clipboard, avoid direct access to the cached copy of the file and forbid taking a screenshot of the window where data is shown.

References

[1]
M. Harvan and A. Pretschner. State-based Usage Control Enforcement with Data Flow Tracking using System Call Interposition. In Proc. 3rd Intl. Conf. on Network and System Security, pages 373--380, 2009.
[2]
P. Kumari, A. Pretschner, J. Peschla, and J.-M. Kuhn. Distributed data usage control for web applications: a social network implementation. In Proc. 1st ACM Conf. on Data and application security and privacy, pages 85--96, 2011.
[3]
A. Pretschner, M. Buechler, M. Harvan, C. Schaefer, and T. Walter. Usage control enforcement with data flow tracking for x11. In Proc. 5th Intl. Workshop on Security and Trust Management, pages 124--137, 2009.
[4]
A. Pretschner, M. Hilty, D. Basin, C. Schaefer, and T. Walter. Mechanisms for Usage Control. In Proc. ACM Symposium on Information, Computer & Communication Security, pages 240--245, 2008.

Cited By

View all
  • (2017)Adieu Einwilligung?Informationelle Selbstbestimmung im digitalen Wandel10.1007/978-3-658-17662-4_16(265-286)Online publication date: 25-Mar-2017
  • (2016)CoMaFeDS: Consent Management for Federated Data Sources2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW)10.1109/IC2EW.2016.30(106-111)Online publication date: Apr-2016
  • (2015)SHRIFT System-Wide HybRid Information Flow TrackingICT Systems Security and Privacy Protection10.1007/978-3-319-18467-8_25(371-385)Online publication date: 9-May-2015
  • Show More Cited By

Index Terms

  1. Data-centric multi-layer usage control enforcement: a social network example

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    SACMAT '11: Proceedings of the 16th ACM symposium on Access control models and technologies
    June 2011
    196 pages
    ISBN:9781450306881
    DOI:10.1145/1998441

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 15 June 2011

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. policy enforcement
    2. usage control

    Qualifiers

    • Demonstration

    Conference

    SACMAT '11
    Sponsor:

    Acceptance Rates

    Overall Acceptance Rate 177 of 597 submissions, 30%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)4
    • Downloads (Last 6 weeks)1
    Reflects downloads up to 16 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2017)Adieu Einwilligung?Informationelle Selbstbestimmung im digitalen Wandel10.1007/978-3-658-17662-4_16(265-286)Online publication date: 25-Mar-2017
    • (2016)CoMaFeDS: Consent Management for Federated Data Sources2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW)10.1109/IC2EW.2016.30(106-111)Online publication date: Apr-2016
    • (2015)SHRIFT System-Wide HybRid Information Flow TrackingICT Systems Security and Privacy Protection10.1007/978-3-319-18467-8_25(371-385)Online publication date: 9-May-2015
    • (2013)Data usage control enforcement in distributed systemsProceedings of the third ACM conference on Data and application security and privacy10.1145/2435349.2435358(71-82)Online publication date: 18-Feb-2013
    • (2012)Deriving implementation-level policies for usage control enforcementProceedings of the second ACM conference on Data and Application Security and Privacy10.1145/2133601.2133612(83-94)Online publication date: 7-Feb-2012
    • (2012)Data Loss Prevention Based on Data-Driven Usage ControlProceedings of the 2012 IEEE 23rd International Symposium on Software Reliability Engineering10.1109/ISSRE.2012.10(151-160)Online publication date: 27-Nov-2012
    • (2011)Representation-Independent data usage controlProceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security10.1007/978-3-642-28879-1_9(122-140)Online publication date: 15-Sep-2011

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media