Data usage control enforcement in distributed systems

Bibliographic Details
Title: Data usage control enforcement in distributed systems
Authors: Florian Kelbert, Technische Universität München, Alexander Pretschner
Contributors: The Pennsylvania State University CiteSeerX Archives
Source: https://www22.in.tum.de/fileadmin/papers/codaspy13.pdf.
Publication Year: 2013
Collection: CiteSeerX
Subject Terms: Categories and Subject Descriptors: D.4.6 [Security and Protection]: Information flow controls; D.4.6 [Security and Protection]: Access controls. General Terms: Security. Keywords: Distributed Usage Control, Policy Enforcement, Security and Privacy, Sticky Policies, Data Flow Tracking
Description: Distributed usage control is concerned with how data may or may not be used in distributed system environments after initial access has been granted. If data flows through a distributed system, there exist multiple copies of the data on different client machines. Usage constraints then have to be enforced for all these clients. We extend a generic model for intra-system data flow tracking—that has been designed and used to track the existence of copies of data on single clients—to the cross-system case. When transferring, i.e., copying, data from one machine to another, our model makes it possible to (1) transfer usage control policies along with the data to the end of local enforcement at the receiving end, and (2) to be aware of the existence of copies of the data in the distributed system. As one example, we concretize “transfer of data” to the Transmission Control Protocol (TCP). Based on this concretized model, we develop a distributed usage control enforcement infrastructure that generically and application-independently extends the scope of usage control enforcement to any system receiving usage-controlled data. We instantiate and implement our work for OpenBSD and evaluate its security and performance.
Document Type: text
File Description: application/pdf
Language: English
Relation: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.674.5355
Availability: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.674.5355
Rights: Metadata may be used without restrictions as long as the oai identifier remains attached to it.
Accession Number: edsbas.F98D358
Database: BASE