Context-Aware Policy Analysis for Distributed Usage Control

Abstract

To boost data spaces and benefit from the great opportunities that they present, data sovereignty must be provided by Distributed Usage Control (DUC). Assuming that DUC will be managed by implementing and enforcing policies, notable efforts have already been undertaken in the context of Access Control (AC) regarding policy analysis due to the impact of low-quality policies on security. In this regard, this paper proposes that policy analysis in the DUC context should be understood as an extension of the AC, which is further affected by other challenging features, chief among which are context-aware control and extended control through action requirements. This paper presents a novel Context-Aware Policy Analysis (CAPA) algorithm for detecting inconsistencies and redundancies for DUC policies by supporting a large set of heterogeneous conditions. In this regard, the dependent relationship of conditions is formulated which will lead to more efficient conflict detection. By implementing this concept, a novel tree structure that combines a resource and a policy structure is presented to search for and compare relevant rules from policies. Built on the tree structure and through the formalization of rule conflicts, CAPA is developed and the security and performance it provides is tested in a wind energy use case.