Distributed Usage Control Enforcement

Speaker: Alexander Pretschner, Karlsruhe Institute of Technology, Germany
Date: October 3 2011
Time: 1:00PM to 2:00PM
Location: 32-D507
Host: Lalana Kagal, CSAIL
Contact: Lalana Kagal, lkagal@csail.mit.edu
Relevant URL: http://zvi.ipd.kit.edu/english/21_70.php

Distributed usage control generalizes access control to what happens to data in the future and after it has been given away. Spanning the domains of privacy, the protection of intellectual property, and compliance, typical requirements include “delete after thirty days,” “don’t delete within five years,” “notify whenever data is given away,” and “don’t print.” Major challenges in this field include policies, enforcement, and guarantees. In terms of enforcement, we present a model and an implementation for distributed usage control enforcement that works on data rather than on single representations of that data. To this end, we track the flow of data between different representations, e.g., files, window contents, network packets, HTML text boxes, etc., and then perform usage control on all these representations. In addition to classical usage control enforcement monitors, this requires tracking systems for detecting data flow within and across different layers of abstraction. As an example, we show how these ideas translate into a social network implementation where users can control their data after being downloaded by other users. According to the friendship status, the latter may not copy&paste sensitive text or images (browser layer), take screenshots of photos (X11 layer), and copy cache files (OS layer). We also show several applications for the Android operating system, present recent work on implementing protocol-agnostic sticky policies, and discuss the relationship with data provenance tracking.
In terms of policies, we explain how we extend our Obligation Specification Language to cater to data rather than single representations, and discuss a model-based extension for user-friendly platform-independent and technology-friendly platform-specific policies. Time permitting, we finally present a way to protect our enforcement infrastructure with trusted computing technology in the cloud and discuss several applications on various platforms.
Speaker Bio:
Alexander Pretschner is a full professor of Computer Science at Karlsruhe Institute of Technology, Germany, where he heads the Trustworthy Certifiable Computer Systems Group. Prior appointments include a professorship at Kaiserslautern University of Technology; a research group leadership position at the Fraunhofer Institute for Experimental Software Engineering in Kaiserslautern; guest professorships at the universities of Rennes, Trento, and Innsbruck; and a post doc position at ETH Zurich. PhD from Munich University of Technology; Master's degrees in computer science from the University of Kansas and from RWTH Aachen.
His main research interests are information security, specifically distributed data usage control; and software engineering, specifically testing. He has published 65 papers; organized 25 symposia, including general chairmanships of the 4th International Conference on Software Testing, Verification, and Validation (2011) and the 6th International Workshop on Security and Trust Management (2010). He has served on the program committees of 60 international conferences and workshops and acts as a regular reviewer for funding agencies.