TY - GEN
T1 - Deriving implementation-level policies for usage control enforcement
AU - Kumari, Prachi
AU - Pretschner, Alexander
N1 - Publisher Copyright:
© 2012 ACM.
PY - 2012
Y1 - 2012
N2 - Usage control is concerned with how data is used after access to it has been granted. As such, it is particularly relevant to end users who own the data. System implementations of access and usage control enforcement mechanisms, however, do not always adequately reflect end user requirements. This is due to several reasons, one of which is the problem of mapping concepts in the end user's domain to technical events and artifacts. For instance, semantics of basic operators such as "copy" or "delete", which are fundamental for specifying privacy policies, tend to vary according to context. For this reason they can be mapped to different sets of system events. The behaviour users expect from the system, therefore, may differ from the actual behaviour. In this paper we present a translation of specification-level usage control policies into implementation-level policies which takes into account the precise semantics of domain-specific abstractions. A tool for automating the translation has also been implemented.
AB - Usage control is concerned with how data is used after access to it has been granted. As such, it is particularly relevant to end users who own the data. System implementations of access and usage control enforcement mechanisms, however, do not always adequately reflect end user requirements. This is due to several reasons, one of which is the problem of mapping concepts in the end user's domain to technical events and artifacts. For instance, semantics of basic operators such as "copy" or "delete", which are fundamental for specifying privacy policies, tend to vary according to context. For this reason they can be mapped to different sets of system events. The behaviour users expect from the system, therefore, may differ from the actual behaviour. In this paper we present a translation of specification-level usage control policies into implementation-level policies which takes into account the precise semantics of domain-specific abstractions. A tool for automating the translation has also been implemented.
KW - policy enforcement
KW - security and privacy
KW - semantics
KW - usage control
KW - user vs. system requirements
UR - http://www.scopus.com/inward/record.url?scp=84864049653&partnerID=8YFLogxK
U2 - 10.1145/2133601.2133612
DO - 10.1145/2133601.2133612
M3 - Conference contribution
AN - SCOPUS:84864049653
SN - 9781450310918
T3 - CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy
SP - 83
EP - 94
BT - CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery
T2 - 2nd ACM Conference on Data and Application Security and Privacy, CODASPY'12
Y2 - 7 February 2012 through 9 February 2012
ER -