分布式系统中的数据使用控制实施

Florian Kelbert, A. Pretschner
{"title":"分布式系统中的数据使用控制实施","authors":"Florian Kelbert, A. Pretschner","doi":"10.1145/2435349.2435358","DOIUrl":null,"url":null,"abstract":"Distributed usage control is concerned with how data may or may not be used in distributed system environments after initial access has been granted. If data flows through a distributed system, there exist multiple copies of the data on different client machines. Usage constraints then have to be enforced for all these clients. We extend a generic model for intra-system data flow tracking---that has been designed and used to track the existence of copies of data on single clients---to the cross-system case. When transferring, i.e., copying, data from one machine to another, our model makes it possible to (1) transfer usage control policies along with the data to the end of local enforcement at the receiving end, and (2) to be aware of the existence of copies of the data in the distributed system. As one example, we concretize \"transfer of data\" to the Transmission Control Protocol (TCP). Based on this concretized model, we develop a distributed usage control enforcement infrastructure that generically and application-independently extends the scope of usage control enforcement to any system receiving usage-controlled data. We instantiate and implement our work for OpenBSD and evaluate its security and performance.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"52","resultStr":"{\"title\":\"Data usage control enforcement in distributed systems\",\"authors\":\"Florian Kelbert, A. Pretschner\",\"doi\":\"10.1145/2435349.2435358\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Distributed usage control is concerned with how data may or may not be used in distributed system environments after initial access has been granted. If data flows through a distributed system, there exist multiple copies of the data on different client machines. Usage constraints then have to be enforced for all these clients. We extend a generic model for intra-system data flow tracking---that has been designed and used to track the existence of copies of data on single clients---to the cross-system case. When transferring, i.e., copying, data from one machine to another, our model makes it possible to (1) transfer usage control policies along with the data to the end of local enforcement at the receiving end, and (2) to be aware of the existence of copies of the data in the distributed system. As one example, we concretize \\\"transfer of data\\\" to the Transmission Control Protocol (TCP). Based on this concretized model, we develop a distributed usage control enforcement infrastructure that generically and application-independently extends the scope of usage control enforcement to any system receiving usage-controlled data. We instantiate and implement our work for OpenBSD and evaluate its security and performance.\",\"PeriodicalId\":118139,\"journal\":{\"name\":\"Proceedings of the third ACM conference on Data and application security and privacy\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-02-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"52\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the third ACM conference on Data and application security and privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2435349.2435358\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the third ACM conference on Data and application security and privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2435349.2435358","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 52

摘要

分布式使用控制关注的是在授予初始访问权限后,数据在分布式系统环境中可以或不可以如何使用。如果数据流经分布式系统,则在不同的客户机上存在数据的多个副本。然后必须对所有这些客户机实施使用约束。我们将系统内数据流跟踪的通用模型扩展到跨系统情况,该模型已被设计并用于跟踪单个客户机上数据副本的存在性。当传输(即复制)数据从一台机器到另一台机器时,我们的模型使得(1)将使用控制策略与数据一起传输到接收端的本地执行端,以及(2)了解分布式系统中数据副本的存在。例如,我们将“数据传输”具体化为传输控制协议(TCP)。基于这个具体化的模型,我们开发了一个分布式的使用控制实施基础设施,该基础设施将使用控制实施的范围扩展到任何接收使用控制数据的系统。我们为OpenBSD实例化和实现我们的工作,并评估其安全性和性能。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Data usage control enforcement in distributed systems
Distributed usage control is concerned with how data may or may not be used in distributed system environments after initial access has been granted. If data flows through a distributed system, there exist multiple copies of the data on different client machines. Usage constraints then have to be enforced for all these clients. We extend a generic model for intra-system data flow tracking---that has been designed and used to track the existence of copies of data on single clients---to the cross-system case. When transferring, i.e., copying, data from one machine to another, our model makes it possible to (1) transfer usage control policies along with the data to the end of local enforcement at the receiving end, and (2) to be aware of the existence of copies of the data in the distributed system. As one example, we concretize "transfer of data" to the Transmission Control Protocol (TCP). Based on this concretized model, we develop a distributed usage control enforcement infrastructure that generically and application-independently extends the scope of usage control enforcement to any system receiving usage-controlled data. We instantiate and implement our work for OpenBSD and evaluate its security and performance.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Effect of grammar on security of long passwords A new approach for delegation in usage control Session details: Poster session Multi-user dynamic proofs of data possession using trusted hardware All your browser-saved passwords could belong to us: a security analysis and a cloud-based new design
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1