Project Details

Scalable Large-Scale Precise System-Wide Data-Driven Usage Control Across Layers of Abstraction and Across Machines

Subject Area: Software Engineering and Programming Languages
Term: from 2010 to 2016
Project identifier: Deutsche Forschungsgemeinschaft (DFG) - Project number 183688753
 
Usage control requirements stipulate constraints on the usage of data after access to them (“delete within three days,” “don’t copy”). Control over data is, however, usually lost in distributed settings once the data is given away. The goal of the project is the run-time enforcement, or at least the detection of violations, of this kind of property. Existing approaches focus on one concrete data representation, e.g., a file. In this project, a representation-independent solution is sought. To this end, existing concepts for reference monitors, which are usually defined for technical events, will, firstly, be extended by data flow detection: a deletion requirement for a file will then pertain to all copies of that file as well, the existence of which must hence be tracked. Secondly, a framework for the definition of precise technical machine-level semantics at different levels of abstraction will be provided: “copy” means, among other things, copying a file, copy&paste in Excel, and sending an email. To enforce data-driven usage control policies, reference monitors are, thirdly, defined at different levels of abstraction (e.g., operating system, runtime system, windowing system, separate IT system). Data flows will be monitored not only at each of these levels, but also between levels. For instance, under a strict interpretation of a prohibition to “copy,” the data’s path from a file through the operating system through the Java VM to native display functions must be tracked if one wants to, finally, prohibit copy&paste.
DFG Programme: Priority Programmes
 
 
