Stateful Data Usage Control for Android Mobile Devices

Modern mobile devices allow their users to download data from the network, such as documents or photos, to store local copies and to use them. Many real scenarios would benefit from this capability of mobile devices to easily and quickly share data among a set of users but, in case of critical data,...

Full description

Saved in:
Bibliographic Details
Published in:International journal of information security 2017-08, Vol.16 (4), p.345-369
Main Authors: Lazouski, Aliaksandr, Martinelli, Fabio, Mori, Paolo, Saracino, Andrea
Format: Article
Language:English
Subjects:
Access control
Coding and Information Theory
Communications Engineering
Computer architecture
Computer Communication Networks
Computer Science
Cryptology
Cybersecurity
Downloading
Electronic devices
Management of Computing and Information Systems
Networks
Operating Systems
Policies
Regular Contribution
Stability
Workflow
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Modern mobile devices allow their users to download data from the network, such as documents or photos, to store local copies and to use them. Many real scenarios would benefit from this capability of mobile devices to easily and quickly share data among a set of users but, in case of critical data, the usage of these copies must be regulated by proper security policies. To this aim, we propose a framework for regulating the usage of data when they have been downloaded on mobile devices, i.e., they have been copied outside the producer’s domain. Our framework regulates the usage of the local copy by enforcing the Usage Control policy which has been embedded in the data by the producer. Such policy is written in UXACML, an extension of the XACML language for expressing Usage Control model-based policies, whose main feature is to include predicates which must be satisfied for the whole execution of the access to the data. Hence, the proposed framework goes beyond the traditional access control capabilities, being able to interrupt an ongoing access to the data as soon as the policy is no longer satisfied. This paper details the proposed approach, defines the architecture and the workflow of the main functionalities of the proposed framework, describes the implementation of a working prototype for Android devices, presents the related performance figures, and discusses the security of the prototype.
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-016-0336-y