Biblio

In the light of mobile and ubiquitous computing, sharing sensitive information across different computer systems has become an increasingly prominent practice. This development entails a demand of access control measures that can protect data even after it has been transferred to a remote computer system. In order to address this problem, sophisticated usage control models have been developed. These models include a client side reference monitor (CRM) that continuously enforces protection policies on foreign data. However, it is still unclear how such a CRM can be properly protected in a hostile environment. The user of the data on the client system can influence the client's state and has physical access to the system. Hence technical measures are required to protect the CRM on a system, which is legitimately used by potential attackers. Existing solutions utilize Trusted Platform Modules (TPMs) to solve this problem by establishing an attestable trust anchor on the client. However, the resulting protocols have several drawbacks that make them infeasible for practical use. This work proposes a reference monitor implementation that establishes trust by using TPMs along with Intel SGX enclaves. First we show how SGX enclaves can realize a subset of the existing usage control requirements. Then we add a TPM to establish and protect a powerful enforcement component on the client. Ultimately this allows us to technically enforce usage control policies on an untrusted remote system.

Interactive environments are more and more entering our daily life. Our homes are becoming increasingly smart and so do our working environments. Aiming to provide assistance that is not only suitable to the current situation, but as well for the involved individuals usually comes along with an increased scale of personal data being collected/requested and processed. While this may not be exceptionally critical as long as data does not leave one's smart home, circumstances change dramatically once smart home data is processed by cloud services, and, all the more, as soon as an interactive assistance system is operated by our employer who may have interest in exploiting the data beyond its original purpose, e. g. for secretly evaluating the work performance of his personnel. In this paper we discuss how a federated identity management could be augmented with distributed usage control and trusted computing technology so as to reliably arrange and enforce privacy-related requirements in externally operated interactive environments.