Deriving implementation-level policies for usage control enforcement

Prachi Kumari, Alexander Pretschner

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

18 Scopus citations

Abstract

Usage control is concerned with how data is used after access to it has been granted. As such, it is particularly relevant to end users who own the data. System implementations of access and usage control enforcement mechanisms, however, do not always adequately reflect end user requirements. This is due to several reasons, one of which is the problem of mapping concepts in the end user's domain to technical events and artifacts. For instance, semantics of basic operators such as "copy"or "delete", which are fundamental for specifying privacy policies, tend to vary according to context. For this reason they can be mapped to different sets of system events. The behaviour users expect from the system, therefore, may differ from the actual behaviour. In this paper we present a translation of specification-level usage control policies into implementation-level policies which takes into account the precise semantics of domain-specific abstractions. A tool for automating the translation has also been implemented.

Original languageEnglish
Title of host publicationCODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery
Pages83-94
Number of pages12
ISBN (Print)9781450310918
DOIs
StatePublished - 2012
Externally publishedYes
Event2nd ACM Conference on Data and Application Security and Privacy, CODASPY'12 - San Antonio, TX, United States
Duration: 7 Feb 20129 Feb 2012

Publication series

NameCODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy

Conference

Conference2nd ACM Conference on Data and Application Security and Privacy, CODASPY'12
Country/TerritoryUnited States
CitySan Antonio, TX
Period7/02/129/02/12

Keywords

  • policy enforcement
  • security and privacy
  • semantics
  • usage control
  • user vs. system requirements

Fingerprint

Dive into the research topics of 'Deriving implementation-level policies for usage control enforcement'. Together they form a unique fingerprint.

Cite this