Data usage control enforcement in distributed systems

Bibliographic details
Title: Data usage control enforcement in distributed systems
Authors: Florian Kelbert, Technische Universität München, Alexander Pretschner
Other contributors: The Pennsylvania State University CiteSeerX Archives
Source: https://www22.in.tum.de/fileadmin/papers/codaspy13.pdf.
Year of publication: 2013
Collection: CiteSeerX
Subject terms: Categories and Subject Descriptors: D.4.6 [Security and Protection]: Information flow controls; D.4.6 [Security and Protection]: Access controls. General Terms: Security. Keywords: Distributed Usage Control, Policy Enforcement, Security and Privacy, Sticky Policies, Data Flow Tracking
Description: Distributed usage control is concerned with how data may or may not be used in distributed system environments after initial access has been granted. If data flows through a distributed system, there exist multiple copies of the data on different client machines. Usage constraints then have to be enforced for all these clients. We extend a generic model for intra-system data flow tracking—that has been designed and used to track the existence of copies of data on single clients—to the cross-system case. When transferring, i.e., copying, data from one machine to another, our model makes it possible to (1) transfer usage control policies along with the data to the end of local enforcement at the receiving end, and (2) to be aware of the existence of copies of the data in the distributed system. As one example, we concretize “transfer of data” to the Transmission Control Protocol (TCP). Based on this concretized model, we develop a distributed usage control enforcement infrastructure that generically and application-independently extends the scope of usage control enforcement to any system receiving usage-controlled data. We instantiate and implement our work for OpenBSD and evaluate its security and performance.
Publication type: text
File description: application/pdf
Language: English
Relation: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.674.5355
Availability: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.674.5355
Rights: Metadata may be used without restrictions as long as the oai identifier remains attached to it.
Document code: edsbas.F98D358
Database: BASE