Distributed data usage control is about what happens to data once it is
given away ("delete after 30 days;" "notify me if data is forwarded;"
"copy at most twice"). In the past,
we have considered the problem in terms of policies,
enforcement and guarantees from two perspectives:
(a) In order to protect data, it is necessary to distinguish between content
(a song by Elvis called "Love me Tender") and
representations of that content (song.mp3; song.wav, etc.).
This requires data flow-tracking concepts and capabilities
in data usage control frameworks.
(b) These representations exist at different layers of abstraction:
a picture downloaded from the internet exists as pixmap (window manager),
as element in the browser-created DOM tree (application), and
as cache file (operating system). This requires the data flow tracking
capabilities to transcend the single layers to which they are deployed.
In distributed systems, it has turned out that another system
can be seen as another set of abstraction layers,
thus generalizing the basic model. Demo videos of this work are available at
http://www22.in.tum.de/forschung/distributed-usage-control/.
In this talk, we present recent work on extending our approach to not only
protecting entire data items but possibly also fractions of data items. This
allows us to specify and enforce policies such as "not more than 20%
of the data may leave the system", evidently leading to interesting
questions concerning the interpretation of "20%", and if the structure
of data items cannot be exploited. We
present a respective model, an implementation, and first experimental
results.
