Manuel Hilty scite author profile

We present the Obligation Specification Language (OSL), a policy language for distributed usage control. OSL supports the formalization of a wide range of usage control requirements. We also present translations between OSL and two rights expression languages (RELs) from the DRM area. These translations make it possible to use DRM mechanisms to enforce OSL policies. Furthermore, the translations enhance the interoperability of DRM mechanisms and allow us to apply OSL-specific monitoring and analysis tools to the RELs. IntroductionMany kinds of digitally stored and processed data should only be used in restricted ways. Personal data, for example, is collected during activities such as online shopping, using loyalty cards, interaction with public administrations, and using mobile phones. To protect the privacy of the data subjects, there exist laws and regulations governing the use of personal data. Private businesses also have a keen interest in protecting their trade secrets, which turns out to be difficult, for example, when different corporations collaborate in virtual enterprises. Similarly, the creators of music, video, or other artistic works want their intellectual property rights to be respected when others use their creations.Usage control [23,25] is an extension of access control that covers not only who may access which data, but also how the data may or may not be used afterwards. We study usage control in the context of distributed systems with different actors who take the roles of data providers (who distribute data) and data consumers (who request and receive data). When a data provider gives a data item to a data consumer, certain conditions apply. Provisions are those conditions that refer to the past and are concerned with whether the data item may be released in the first place. Other conditions govern the future usage of the data, so-called obligations [4]. Examples of obligations include "do not distribute document D to anyone outside of the organization," "play movie M at most 5 times," and "notify the author whenever document D is modified." In this paper, we focus exclusively on obligations because provisions have been thoroughly studied in the area of access control.

show abstract

On Obligations

Hilty

Basin

Pretschner

2005

View full text Add to dashboard Cite

Access control is concerned with granting access to sensitive data based on conditions that relate to the past or present, so-called provisions. Expressing requirements from the domain of data protection necessitates extending this notion with conditions that relate to the future. Obligations, in this sense, are concerned with commitments of the involved parties. At the moment of granting access, adherence to these commitments cannot be guaranteed. An example is the requirement "do not redistribute data", where the actions of the involved parties may not even be observable. We provide a formal framework that allows us to precisely specify data protection policies. A syntactic classification of formulas gives rise to natural and intuitive formal definitions of provisions and obligations. Based on this classification, we present different mechanisms for checking adherence to agreed upon commitments.

show abstract

Usage Control Enforcement: Present and Future

Pretschner¹,

Hilty²,

Schütz

et al. 2008

IEEE Secur. Privacy Mag.

View full text Add to dashboard Cite

Mechanisms for usage control

Pretschner

Hilty

Basin

et al. 2008

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Manuel Hilty

Distributed usage control

A Policy Language for Distributed Usage Control

On Obligations

Usage Control Enforcement: Present and Future

Mechanisms for usage control

Contact Info

Product

Resources

About