Data usage control enables data owners to enforce policies for their data by defining not only authorizations but also obligations, which are actions to be performed before, during or after access is granted (such as accepting web cookies), and conditions bearing on system and environment attributes, e.g., the time. Usage control is often coupled with information flow control to monitor how data are propagated. While usage control is well established and modeled in centralized systems, the literature has only partially addressed usage control for distributed systems, for instance by distributing the usage control system components. However, when it comes to assigning a policy to certain data, the policy is still enforced by a central authority. This paper proposes an extended usage control model that integrates decentralized information flow control (DIFC), which enables users to decide collectively which policy to apply to their common data. Functions to handle connection status are also considered, for dynamic Internet of Things (IoT) or peer-to-peer networks in which parts of the distributed network can be disconnected. Architectural aspects and formal definitions enabling decentralized policies for shared data are proposed as a novelty resulting from the integration of DIFC. We used the TLA+ formal specification language on the proposed model, and its associated model checker TLC, to detect potential issues. We detected potential deadlocks due to the new connection functions, as well as temporal ordering issues, and then suggested mitigations accordingly. A privacy analysis using a car-sharing scenario is provided to highlight the benefits of usage control.