Volume 2 - Issue 4
A virtualized usage control bus system
- Cornelius Moucha
Fraunhofer IESE, Information Systems Quality (ISQ), Kaiserslautern, Germany
cornelius.moucha@iese.fraunhofer.de
- Enrico Lovat
Karlsruhe Institute of Technology, Karlsruhe, Germany
lovat@kit.edu
- Alexander Pretschner
Karlsruhe Institute of Technology, Karlsruhe, Germany
pretschner@kit.edu
Keywords: Data-flow tracking, usage control, bus system, virtualization, information flow.
Abstract
Usage control is an extension of access control that additionally defines what must and must not
happen to data after access has been granted. The process of enforcing usage control requirements
on data must take into account all the different representations that the data may assume at different
levels of abstraction (e.g. file, window content, network packet). Therefore, multiple data flow tracking
and usage control enforcement monitors are likely to exist, one at each relevant layer. Whenever
data flows from a representation at one layer to a representation at another layer (e.g. a file is loaded
and interpreted by an application), then the monitor for the initiating layer (in the example, the operating
system) must notify the monitor for the receiving layer (in this example, an application, like a
browser) about the data being transferred. This is required in order to associate both representations
with the same data. In this paper, we present a bus system to support system-wide usage control enforcement
that, for security and performance reasons, is implemented in a hypervisor. We provide an
example application for enforcing usage control across layers of abstraction in the context of social
networks. We evaluate security and performance of our bus system.