This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Usage Control Enforcement: Present and Future
July/August 2008 (vol. 6 no. 4)
pp. 44-53
Alexander Pretschner, Swiss Institute of Technology
Manuel Hilty, AdNovum Informatik AG
Florian Sch?, RUAG Electronics
Christian Schaefer, DoCoMo Euro-Labs
Thomas Walter, DoCoMo Euro-Labs
Both personal data and intellectual property must be protected for various reasons. The authors explore the state of the art in usage control, which is about controlling the use of such data after it has been given away, and identify room for improvement.

1. J. Park and R. Sandhu, "The UCON ABC Usage Control Model," ACM Trans. Information and Systems Security, vol. 7, no. 1, 2004, pp. 128–174.
2. A. Pretschner, M. Hilty, and D. Basin, "Distributed Usage Control," Comm. ACM, vol. 49, no. 9, 2006, pp. 39–44.
3. M. Hilty et al., A System Model and an Obligation Language for Distributed Usage Control, tech. report I-ST-20, DoCoMo Euro-Labs, Dec. 2006; www.docomoeurolabs.de/pdfA_System_Model_and_an_Obligation_Language_for_Distributed_Usage_Control.pdf .
4. C. Bettini et al., "Provisions and Obligations in Policy Rule Management," J. Network and System Management, vol. 11, no. 3, 2003, pp. 351–372.
5. D. Povey, "Optimistic Security: A New Access Control Paradigm," Proc. Workshop on New Security Paradigms, ACM, 1999, pp. 40–45.
6. M. Hilty et al., "Usage Control Requirements in Mobile and Ubiquitous Computing Applications," Proc. Int'l. Conf. Systems and Networks Communications, IEEE CS Press, 2006.
7. S. Guth and R. Iannella, Open Digital Rights Language (ODRL) Version 2 Requirements, Feb. 2005; odrl.net/2.0/v2req.html.
8. D. Parrott, Requirements for a Rights Data Dictionary and Rights Expression Language, tech. report, Reuters, 2001; xml.coverpages.org/Reuters-mpeg-response-v10-public.pdf.
9. European Union, "Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 On The Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data," Official Journal L 281, Nov. 1995, pp. 31–50; http://eur-lex.europa.eu/LexUriServLexUriServ.do?uri=CELEX:31995L0046:EN:NOT .
10. Privacy and Identity Management for Europe (Prime) Project, "Requirements v. 1," June 2005; www.prime-project.eu/prime_products/reports reqs/.
11. M. Hilty et al., "A Policy Language for Distributed Usage Control," Proc. European Symp. Research in Computer Security, Springer-Verlag, 2007, pp. 531–546.
12. X. Wang et al., "XrML—eXtensible Rights Markup Language," Proc. ACM Workshop on XML Security (XMLSEC 02), ACM Press, 2002, pp. 71–79.
13. M. Hilty et al., Enforcement for Usage Control—An Overview of Control Mechanisms, tech. report I-ST-18, DoCoMo Euro-Labs, July 2006; www.docomoeurolabs.de/pdfEnforcement_for_Usage_Control_an_Overview_of_Control_Mechanisms.pdf .
14. Digital Content Protection, High-bandwidth Digital Content Protection System - v. 1.1, June 2003; www.digital-cp.com/files/static_page_files/ 8006F925-129D-4C12-C87899B5A76EF5C3HDCP_Specification%20Rev1_3.pdf .
15. R. Sandhu et al., "Client-Side Access Control Enforcement Using Trusted Computing and PEI Models," J. High Speed Networks, vol. 15, no. 3, 2006, pp. 229–245.
16. P. Sevinç, M. Strasser, and D. Basin, "Securing the Distribution and Storage of Secrets with Trusted Platform Modules," Proc. IEEE Workshop in Information Security Theory and Practices, LNCS 4462, Springer-Verlag, 2007, pp. 53–66.
17. Marlin Developer Community, "Marlin Architecture Overview," 2006; www.marlin-community.com/images/wpMarlinArchitectureOverview.pdf .
18. Marlin Developer Community, "The Role of Octopus in Marlin," 2006; www.marlin-community.com/images/wpRoleofOctopusinMarlin.pdf .

Index Terms:
Usage control, access control, privacy, digital rights management, data protection, audit, computer security
Citation:
Alexander Pretschner, Manuel Hilty, Florian Sch?, Christian Schaefer, Thomas Walter, "Usage Control Enforcement: Present and Future," IEEE Security & Privacy, vol. 6, no. 4, pp. 44-53, July-Aug. 2008, doi:10.1109/MSP.2008.101
Usage of this product signifies your acceptance of the Terms of Use.