Abstract
The Internet of Things (IoT) is increasingly becoming a ubiquitous computing service in which data storage and sharing are outsourced to multiple cloud providers, given IoT’s resource‐constrained, self‐organizing networks and short‐range communication characteristics. Recently, DUCE, a distributed usage control enforcement model, was proposed to mitigate the privacy concerns brought about by the loss of control over shared data. DUCE utilizes blockchain and trusted execution environment (TEE) technologies to achieve reliable and continuous life‐cycle enforcement for cross‐domain data‐sharing scenarios. However, the requirement to maintain an individual TEE in each application agent makes DUCE difficult to deploy, and transferring data to the application makes usage less trustworthy. In this paper, we propose an alternative architecture called DUCEx that supports the functionality of DUCE but constructs the TEE via commitments of blockchain rather than in one‐to‐one correspondence with application agents. Further, the policy administration point is also distributed and controlled by the data owner, who can modify the rules anywhere and anytime. The eXtensible Access Control Markup Language (XACML) expression rules are parsed and enforced as the smart contract at run time. The enforcement process is then explained in detail for a typical example, the “delete‐after‐use” rule. A prototype system implemented with Intel Software Guard eXtensions (SGX) shows experimentally that DUCEx achieves more trustworthy usage than DUCE and is easier to deploy, with appropriate performance. We believe our study will contribute to building secure, scalable, and privacy‐preserving infrastructure for the IoT era.