Representation-Independent Data Usage Control
Usage control is concerned with what happens to data after
access has been granted and is, among other things, thus
particularly relevant for ensuring privacy. In the literature,
usage control models have been defined on the grounds of
\emph{events} that, somehow, are related to \emph{data}. In order
to better cater to the dimension of data, we extend a usage
control model by the explicit distinction between \emph{data} and
\emph{representation} of data. A data flow model is used to track
the flow of data between different representations. The usage
control model is then extended so that usage control policies can
address not just one single representation (e.g., delete file1.txt
after thirty days) but rather all representations of the data
(e.g., if file1.txt is a copy of file2.txt, also delete
file2.txt). We present three proof-of-concept implementations of
the model, at the operating system level, at the browser level,
and at the X11 level, and also provide an ad-hoc implementation
for multi-layer enforcement.
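As an added illustration (not code from the paper), the following toy data-flow state shows the distinction the abstract draws: a representation-bound policy deletes one container, while a representation-independent policy follows the tracked flow of a data item to every container that may hold it. All names (DataFlowState, the container and data identifiers) are assumptions constructed for the example.

```python
from collections import defaultdict


class DataFlowState:
    """Tracks which data items each container (representation) may hold.

    Containers are files, browser tabs, X11 windows, the clipboard, etc.;
    data items are abstract identifiers independent of any representation.
    """

    def __init__(self):
        self.storage = defaultdict(set)  # container -> set of data ids

    def create(self, container, data_id):
        self.storage[container].add(data_id)

    def copy(self, src, dst):
        # A copy event propagates every data item of src into dst; this is an
        # over-approximation, since the actual bytes are never inspected.
        self.storage[dst] |= self.storage[src]

    def representations_of(self, data_id):
        return sorted(c for c, ds in self.storage.items() if data_id in ds)

    def delete_representation(self, container):
        """Representation-bound policy: 'delete file1.txt' touches one container."""
        self.storage.pop(container, None)

    def delete_data(self, data_id):
        """Representation-independent policy: 'delete D' reaches every container
        that the flow model says may hold D. Returns the containers affected."""
        affected = self.representations_of(data_id)
        for c in affected:
            self.storage[c].discard(data_id)
            if not self.storage[c]:
                del self.storage[c]
        return affected


def build_state():
    # Constructed scenario from the abstract: file1.txt is a copy of file2.txt,
    # plus a third representation produced by a paste through the clipboard.
    s = DataFlowState()
    s.create("file2.txt", "D1")
    s.copy("file2.txt", "file1.txt")
    s.copy("file1.txt", "clipboard")
    return s


def compare_policies():
    """Return the representations of D1 left behind by each policy."""
    bound = build_state()
    bound.delete_representation("file1.txt")
    independent = build_state()
    independent.delete_data("D1")
    return bound.representations_of("D1"), independent.representations_of("D1")
```

Deleting only file1.txt leaves the data in file2.txt and the clipboard, whereas deleting data item D1 removes it from all three representations.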
DPM 2011 Program