A virtualized usage control bus system

Cornelius Moucha, Enrico Lovat, Alexander Pretschner

Research output: Contribution to journal › Article › peer-review

1 Scopus citation


Usage control is an extension of access control that additionally defines what must and must not happen to data after access has been granted. The process of enforcing usage control requirements on data must take into account all the different representations that the data may assume at different levels of abstraction (e.g. file, window content, network packet). Therefore, multiple data flow tracking and usage control enforcement monitors are likely to exist, one at each relevant layer. Whenever data flows from a representation at one layer to a representation at another layer (e.g. a file is loaded and interpreted by an application), the monitor for the initiating layer (in the example, the operating system) must notify the monitor for the receiving layer (in this example, an application, like a browser) about the data being transferred. This is required in order to associate both representations with the same data. In this paper, we present a bus system to support system-wide usage control enforcement that, for security and performance reasons, is implemented in a hypervisor. We provide an example application for enforcing usage control across layers of abstraction in the context of social networks. We evaluate the security and performance of our bus system.

Original language: English
Pages (from-to): 84-101
Number of pages: 18
Journal: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
Issue number: 4
State: Published - Dec 2011
Externally published: Yes


  • Bus system
  • Data-flow tracking
  • Information flow
  • Usage control
  • Virtualization

