The Community for Technology Leaders
RSS Icon
Issue No.04 - July/August (2008 vol.6)
pp: 44-53
Alexander Pretschner , Swiss Institute of Technology
Manuel Hilty , AdNovum Informatik AG
Florian Sch? , RUAG Electronics
Christian Schaefer , DoCoMo Euro-Labs
Thomas Walter , DoCoMo Euro-Labs
Both personal data and intellectual property must be protected for various reasons. The authors explore the state of the art in usage control, which is about controlling the use of such data after it has been given away, and identify room for improvement.
Usage control, access control, privacy, digital rights management, data protection, audit, computer security
Alexander Pretschner, Manuel Hilty, Florian Sch?, Christian Schaefer, Thomas Walter, "Usage Control Enforcement: Present and Future", IEEE Security & Privacy, vol.6, no. 4, pp. 44-53, July/August 2008, doi:10.1109/MSP.2008.101
1. J. Park and R. Sandhu, "The UCON ABC Usage Control Model," ACM Trans. Information and Systems Security, vol. 7, no. 1, 2004, pp. 128–174.
2. A. Pretschner, M. Hilty, and D. Basin, "Distributed Usage Control," Comm. ACM, vol. 49, no. 9, 2006, pp. 39–44.
3. M. Hilty et al., A System Model and an Obligation Language for Distributed Usage Control, tech. report I-ST-20, DoCoMo Euro-Labs, Dec. 2006; .
4. C. Bettini et al., "Provisions and Obligations in Policy Rule Management," J. Network and System Management, vol. 11, no. 3, 2003, pp. 351–372.
5. D. Povey, "Optimistic Security: A New Access Control Paradigm," Proc. Workshop on New Security Paradigms, ACM, 1999, pp. 40–45.
6. M. Hilty et al., "Usage Control Requirements in Mobile and Ubiquitous Computing Applications," Proc. Int'l. Conf. Systems and Networks Communications, IEEE CS Press, 2006.
7. S. Guth and R. Iannella, Open Digital Rights Language (ODRL) Version 2 Requirements, Feb. 2005;
8. D. Parrott, Requirements for a Rights Data Dictionary and Rights Expression Language, tech. report, Reuters, 2001;
9. European Union, "Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 On The Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data," Official Journal L 281, Nov. 1995, pp. 31–50; .
10. Privacy and Identity Management for Europe (Prime) Project, "Requirements v. 1," June 2005; reqs/.
11. M. Hilty et al., "A Policy Language for Distributed Usage Control," Proc. European Symp. Research in Computer Security, Springer-Verlag, 2007, pp. 531–546.
12. X. Wang et al., "XrML—eXtensible Rights Markup Language," Proc. ACM Workshop on XML Security (XMLSEC 02), ACM Press, 2002, pp. 71–79.
13. M. Hilty et al., Enforcement for Usage Control—An Overview of Control Mechanisms, tech. report I-ST-18, DoCoMo Euro-Labs, July 2006; .
14. Digital Content Protection, High-bandwidth Digital Content Protection System - v. 1.1, June 2003; 8006F925-129D-4C12-C87899B5A76EF5C3HDCP_Specification%20Rev1_3.pdf .
15. R. Sandhu et al., "Client-Side Access Control Enforcement Using Trusted Computing and PEI Models," J. High Speed Networks, vol. 15, no. 3, 2006, pp. 229–245.
16. P. Sevinç, M. Strasser, and D. Basin, "Securing the Distribution and Storage of Secrets with Trusted Platform Modules," Proc. IEEE Workshop in Information Security Theory and Practices, LNCS 4462, Springer-Verlag, 2007, pp. 53–66.
17. Marlin Developer Community, "Marlin Architecture Overview," 2006; .
18. Marlin Developer Community, "The Role of Octopus in Marlin," 2006; .
16 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool