3 research outputs found

    Deriving implementation-level policies for usage control enforcement

    Usage control is concerned with how data is used after access to it has been granted. As such, it is particularly relevant to end users who own the data. System implementations of access and usage control enforcement mechanisms, however, do not always adequately reflect end user requirements. This is due to several reasons, one of which is the problem of mapping concepts in the end user's domain to technical events and artifacts. For instance, semantics of basic operators such as "copy" or "delete", which are fundamental for specifying privacy policies, tend to vary according to context. For this reason they can be mapped to different sets of system events. The behaviour users expect from the system, therefore, may differ from the actual behaviour. In this paper we present a translation of specification-level usage control policies into implementation-level policies which takes into account the precise semantics of domain-specific abstractions. A tool for automating the translation has also been implemented.

    Data Loss Prevention Based on Data-Driven Usage Control


    Improving Data Flow Tracking for Data Usage Control Systems

    This thesis provides a new, hybrid approach in the field of Distributed Data Usage Control (DUC) to track the flow of data inside applications. A combination of static information flow analysis and dynamic data flow tracking makes it possible to selectively track only those program locations that are actually relevant for a flow of data. This ensures the portability of a monitored application with low performance overhead. Beyond that, DUC systems benefit from the present approach as it reduces overapproximation in data flow tracking and thus provides a more precise result to enforce data usage restrictions.