LXXTHSMEGQSVK Data Usage Control Enforcement in Distributed Systems
Saved in:
| Title: | LXXTHSMEGQSVK Data Usage Control Enforcement in Distributed Systems |
|---|---|
| Authors: | Florian Kelbert, Technische Universität München, Alexander Pretschner |
| Contributors: | The Pennsylvania State University CiteSeerX Archives |
| Source: | http://www4.in.tum.de/%7Ekelbert/papers/codaspy13.pdf. |
| Collection: | CiteSeerX |
| Subject Terms: | Categories and Subject Descriptors D.4.6 [Security and Protection, Information flow con- trols, D.4.6 [Security and Protection, Access controls General Terms Security Keywords Distributed Usage Control, Policy Enforcement, Security and Privacy, Sticky Policies, Data Flow Tracking |
| Description: | Distributed usage control is concerned with how data may or may not be used in distributed system environments af-ter initial access has been granted. If data flows through a distributed system, there exist multiple copies of the data on different client machines. Usage constraints then have to be enforced for all these clients. We extend a generic model for intra-system data flow tracking—that has been designed and used to track the existence of copies of data on sin-gle clients—to the cross-system case. When transferring, i.e., copying, data from one machine to another, our model makes it possible to (1) transfer usage control policies along with the data to the end of local enforcement at the receiv-ing end, and (2) to be aware of the existence of copies of the data in the distributed system. As one example, we con-cretize “transfer of data ” to the Transmission Control Pro-tocol (TCP). Based on this concretized model, we develop a distributed usage control enforcement infrastructure that generically and application-independently extends the scope of usage control enforcement to any system receiving usage-controlled data. We instantiate and implement our work for OpenBSD and evaluate its security and performance. |
| Document Type: | text |
| File Description: | application/pdf |
| Language: | English |
| Relation: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.686.5561; http://www4.in.tum.de/%7Ekelbert/papers/codaspy13.pdf |
| Availability: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.686.5561 http://www4.in.tum.de/%7Ekelbert/papers/codaspy13.pdf |
| Rights: | Metadata may be used without restrictions as long as the oai identifier remains attached to it. |
| Accession Number: | edsbas.9CD5E9D2 |
| Database: | BASE |
Nájsť tento článok vo Web of Science | Abstract: | Distributed usage control is concerned with how data may or may not be used in distributed system environments af-ter initial access has been granted. If data flows through a distributed system, there exist multiple copies of the data on different client machines. Usage constraints then have to be enforced for all these clients. We extend a generic model for intra-system data flow tracking—that has been designed and used to track the existence of copies of data on sin-gle clients—to the cross-system case. When transferring, i.e., copying, data from one machine to another, our model makes it possible to (1) transfer usage control policies along with the data to the end of local enforcement at the receiv-ing end, and (2) to be aware of the existence of copies of the data in the distributed system. As one example, we con-cretize “transfer of data ” to the Transmission Control Pro-tocol (TCP). Based on this concretized model, we develop a distributed usage control enforcement infrastructure that generically and application-independently extends the scope of usage control enforcement to any system receiving usage-controlled data. We instantiate and implement our work for OpenBSD and evaluate its security and performance. |
|---|