Acknowledgements

My thanks go to

• Prof. Pretschner. For introducing me to the academic world with all its diverse aspects: administrative matters, conferences, discussions, learning, reading, presentations, projects, reviewing, teaching, writing, pain and glory. For letting me work on an interesting thesis topic. For guidance, feedback, liberty, criticism and plaudits.

• Prof. Katzenbeisser. For providing feedback on earlier partial results of this thesis.

• all co-authors and internal reviewers. Alexander, Dominik, Enrico, Fatemeh, Hervais, Matthias, Mojdeh, Prachi, Saahil, Sebastian, Tobias. For teaching me how to collaboratively write scientific documents and how to cope best with endless discussions, reviews, corrections, rewriting, etc.

• all remaining current and former colleagues and collaborators from KIT, TUM,

• all project partners from TU Darmstadt, Universität Freiburg, Universität Kassel, Capurro Fiek Stiftung für Informationsethik, Fraunhofer SIT, Google Germany GmbH, Deutsche Post AG, Nokia, IBM, AGT International, DFKI, Seeburger, Stadtwerke Saarlouis. For innumerable interesting and diverse experiences.

• all developers and authors of free tools and Q&A websites. For developing and maintaining software such as Eclipse, Firefox, Gimp, Gnome, Gnuplot, Inkscape, LaTeX, LibreOffice, Linux, StackExchange, Thunderbird, and many more.

• all friends and family. Who are simply too many to enumerate. For constantly reminding me, both consciously and unconsciously, in countless ways that there is more to life than work and research.
Abstract

Data usage control provides mechanisms for data owners to remain in control over how their data is used after it has been accessed. Corresponding technical solutions are thus applicable in many distinct areas such as the protection of business, military and government secrets, intellectual property, as well as private user data. However, most existing solutions focus on the enforcement of data usage control within single systems and disregard distributed aspects of data usage control, i.e. how the usage of data can be controlled once data has been shared across systems and organizations.

In fact, many data usage policies can only be enforced on a global scale, as they refer to data as well as data usage events happening within several distributed systems, e.g. "at each point in time at most two clerks might have a local copy of this contract", or "a contract must be approved by at least two clerks before it is sent to the customer".

While such policies can intuitively be enforced using a centralized infrastructure, major drawbacks are that such solutions constitute a single point of failure and that they are expected to cause heavy communication and performance overheads.

In order to address these open challenges, this dissertation contributes by providing (i) a formal distributed data usage control system model, and (ii) the first fully decentralized infrastructure for the preventive enforcement of data usage policies. More precisely, the provided model allows tracking the f...