Journal: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
Print ISSN: 2093-5374
Electronic ISSN: 2093-5382
Publication year: 2011
Volume: 2
Issue: 4
Pages: 84-101
Publisher: Innovative Information Science & Technology Research Group
Abstract: Usage control is an extension of access control that additionally defines what must and must not happen to data after access has been granted. The process of enforcing usage control requirements on data must take into account all the different representations that the data may assume at different levels of abstraction (e.g. file, window content, network packet). Therefore, multiple data flow tracking and usage control enforcement monitors are likely to exist, one at each relevant layer. Whenever data flows from a representation at one layer to a representation at another layer (e.g. a file is loaded and interpreted by an application), then the monitor for the initiating layer (in the example, the operating system) must notify the monitor for the receiving layer (in this example, an application, like a browser) about the data being transferred. This is required in order to associate both representations to the same data. In this paper, we present a bus system to support system-wide usage control enforcement that, for security and performance reasons, is implemented in a hypervisor. We provide an example application for enforcing usage control across layers of abstraction in the context of social networks. We evaluate security and performance of our bus system.
Keywords: Data-flow tracking; usage control; bus system; virtualization; information flow