Abstract: Usage control is concerned with how data is used after access to it has been granted. In existing usage control enforcement frameworks, policies are assumed to exist and the derivation of implementation-level policies from specification-level policies has not been looked into. My doctoral work fills this gap. One challenge in the derivation of policies is the absence of clear semantics of high-level domain-specific constructs like data and action. In my thesis I propose a model-based refinement of these constructs. Using this refinement, I translate usage control policies from the specification to the implementation level. I also provide methodological guidance to partially automate this translation. I have organized my work in two phases: in the first phase the translation is based on static domain structure; in the second phase I extend the solution for dynamic system structure. In this talk I will present the results achieved in the first phase of my work.
Bio: Prachi Kumari is a research student in the Certifiable Trustworthy IT Systems group at the Technical University of Munich which headed by Prof. Dr. Alexander Pretschner. Prachi’s research interests lie in the area of distributed data usage control and data protection.