State-Based Usage Control Enforcement with Data Flow Tracking using System Call Interposition

Usage control generalizes access control to what happens to data in the future. We contribute to the enforcement of usage control requirements at the level of system calls by also taking into account data flow: Restrictions on the dissemination of data, for instance, as stipulated by data protection...

Detailed description

Bibliographic details
Main authors: Harvan, M., Pretschner, A.
Format: Conference proceeding
Language: eng
container_end_page 380
container_issue
container_start_page 373
container_title
container_volume
creator Harvan, M.
Pretschner, A.
description Usage control generalizes access control to what happens to data in the future. We contribute to the enforcement of usage control requirements at the level of system calls by also taking into account data flow: Restrictions on the dissemination of data, for instance, as stipulated by data protection regulations, of course relate not to just one file containing the data, but likely to all copies of that file as well. In order to enforce the dissemination restrictions on all copies of the sensitive data item, we introduce a data flow model that tracks how the content of a file flows through the system (files, network sockets, main memory). By using this model, the existence of potential copies of the data is reflected in the state of the data flow model. This allows us to enforce the dissemination restrictions by relating to the state rather than all sequences of events that possibly yield copies. Generalizing this idea, we describe how usage control policies can be expressed in a related state-based manner. Finally, we present an implementation of the data flow model and state-based policy enforcement as well as first encouraging performance measurements.
doi_str_mv 10.1109/NSS.2009.51
format Conference Proceeding
fulltext fulltext_linktorsrc
identifier ISBN: 9781424450879
ispartof 2009 Third International Conference on Network and System Security, 2009, p.373-380
issn
language eng
recordid cdi_ieee_primary_5319291
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Access control
Control systems
Data security
enforcement
information flow
Information security
Measurement
Middleware
Monitoring
Operating systems
Protection
reference monitor
Sockets
system calls
usage control
title State-Based Usage Control Enforcement with Data Flow Tracking using System Call Interposition
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-05T06%3A44%3A00IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=State-Based%20Usage%20Control%20Enforcement%20with%20Data%20Flow%20Tracking%20using%20System%20Call%20Interposition&rft.btitle=2009%20Third%20International%20Conference%20on%20Network%20and%20System%20Security&rft.au=Harvan,%20M.&rft.date=2009-10&rft.spage=373&rft.epage=380&rft.pages=373-380&rft.isbn=9781424450879&rft.isbn_list=142445087X&rft_id=info:doi/10.1109/NSS.2009.51&rft_dat=%3Cieee_6IE%3E5319291%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=9780769538389&rft.eisbn_list=076953838X&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=5319291&rfr_iscdi=true