Karlsruhe Institute of Technology
Usage control is an extension of access control that additionally defines what must and must not happen to data after access has been granted. Enforcing usage control requirements on data must take into account all the different representations that the data may assume at different levels of abstraction (e.g., file, window content, network packet). In this paper, the authors present a bus system to support system-wide usage control enforcement that, for security and performance reasons, is implemented in a hypervisor. They provide an example application for enforcing usage control across layers of abstraction in the context of social networks, and they evaluate the security and performance of their bus system.