%0 Conference Proceedings
%T DUCE: Distributed Usage Control Enforcement for Private Data Sharing in Internet of Things
%+ Changhong
%+ The University of Texas at San Antonio (UTSA)
%+ Tsinghua University [Beijing] (THU)
%A Shi, Na
%A Tang, Bo
%A Sandhu, Ravi
%A Li, Qi
%Z Part 5: Potpourri I
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 35th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec)
%C Calgary, AB, Canada
%Y Ken Barker
%Y Kambiz Ghazinour
%I Springer International Publishing
%3 Data and Applications Security and Privacy XXXV
%V LNCS-12840
%P 278-290
%8 2021-07-19
%D 2021
%R 10.1007/978-3-030-81242-3_16
%K Cloud-enabled Internet of Things
%K Privacy
%K Usage control
%K Blockchain
%K Trusted execution environment.
%Z Computer Science [cs]Conference papers
%X The emerging Cloud-Enabled Internet of Things (CEIoT) is becoming increasingly popular since it enables end users to remotely interact with the connected devices, which collect real-world data and share with diverse cloud services. The shared data will often be sensitive as well as private. According to the General Data Protection Regulation (GDPR), the privacy issue should be addressed by the cloud services and subsequent data custodians. In this paper, we propose DUCE, an enforcement model for distributed usage control for data sharing in CEIoT. DUCE leverages both blockchain and Trusted Execution Environment (TEE) technologies to achieve reliable and continuous life-cycle enforcement for cross-domain data sharing scenarios. The core components of DUCE are distributed Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) to enable reliable execution of usage control policies without a centralized trusted authority. Policy administration is also distributed and controlled by the data owner, who can modify the rules anywhere anytime. The policy rules expressed in eXtensible Access Control Markup Language (XACML) are parsed into smart contracts to be executed on the blockchain service. A detailed explanation of the enforcement process is given for an example “delete-after-use” rule. A prototype system is implemented with an open-source permissioned blockchain system and evaluated on an experimental deployment. The results show reasonable performance and scalability overhead in comparison to OAuth 2.0. We believe additional cross-domain data usage control issues can also be addressed by DUCE.
%G English
%Z TC 11
%Z WG 11.3
%2 https://inria.hal.science/hal-03677043/document
%2 https://inria.hal.science/hal-03677043/file/513274_1_En_16_Chapter.pdf
%L hal-03677043
%U https://inria.hal.science/hal-03677043
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ IFIP-LNCS-12840