Extensible Model and Policy Engine for Usage Control and Policy-Based Governance: Industrial Applications

The main focus of this thesis is applied research targeting industrial applications of Usage Control (UCON) and policy-based governance. Nonetheless, we also tackle an associated core problem to address the diverse requirements of the targeted application domains. The core research problem is three-fold. (1) UCON enacts usage control in a fixed life cycle of three temporal phases: pre, ongoing and post. However, emerging security paradigms require custom and finer-grained lifecycles with phases and transitions tailored for the application domain. For example, data hub applications entail data-oriented usage control throughout the different stages of the data lifecycle (e.g., collection, retention, processing and destruction). Therefore, policy systems must enable custom lifecycles to accommodate a wide variety of applications. (2) Although UCON allows attribute values to change and updates usage decisions accordingly, it does not specify a mechanism to govern attribute values. This becomes necessary in decentralised environments where attributes are collected from external parties that are not necessarily trusted. For this reason, policy systems must incorporate a mechanism to govern attributes, prepare them for policy evaluation and ensure their trustworthiness. (3) Due to its widespread adoption, UCON has been extended and adapted for diverse purposes, leading to a proliferation of frameworks. While these variations added significant contributions in their respective fields, they lack comprehensiveness and generality. Therefore, a unified solution is needed to encompass the existing variations of UCON as well as future applications. By addressing these core problems, we aim to leverage policy-based governance in the following four industrial applications: (1) Industrial/International Data Spaces (IDS), (2) data hubs, (3) smart vehicles, and (4) credential transformation.To address these challenges and fulfil our applied research goals, we present six contributions in this thesis. (1) We propose UCON+: an extensible model that extends beyond traditional access and usage control providing a comprehensive framework for policy-based governance. UCON+ builds on the same foundations of UCON, making it an attribute-based model that incorporates continuous monitoring and policy re-evaluation. However, it only defines general structures and common functions, and outlines extensible behaviour to be implemented by concrete extensions. Specifically, UCON+ allows concrete extensions to govern attribute values and updates, and to specify custom lifecycles tailored for their respective requirements. (2) We introduce a general-purpose policy engine that implements the UCON+ model. The engine conserves an Attribute-Based Access Control (ABAC) baseline using a standard policy language. The policy engine also introduces another type of policies used to govern attribute values, and to define and drive custom lifecycles. Thus, different extensions of UCON+ can be realised within the same policy engine using policies, eliminating the need for reimplementation. The policy engine leverages a modular architecture with an optimised implementation. (3) We demonstrate the use of the policy engine in a cloud service that provides an IDS for contract-based data exchange. We specifically used the policy engine and designed a custom lifecycle to govern and drive the contract negotiation between the data provider and data consumer using policies. We also used the policy engine to govern data usage based on the negotiated data sharing agreement. (4) We also showcase the policy engine in a data hub setting, where we leveraged it to track and govern data objects throughout their lifecycles. We designed a lifecycle that captures the different stages of the data lifecycle based on the General Data Protection Regulation (GDPR). We show how data usage is controlled at each stage of the lifecycle using policies. (5) We present a dynamic identity management and usage control framework for smart vehicles using the policy engine. We specifically introduce a policy-based Security Token Service (STS) that issues contextualised capabilities that specify what subjects are allowed to do within the vehicle. The STS also manages the capabilities throughout their lifecycles and revokes them if the corresponding policies are violated, while also taking safety measures into consideration. (6) Finally, we describe an application of the policy engine for policy-based credential transformation. Specifically, we introduce a policy-based credential bridge that exchanges, aggregates or maps credentials between different domains or regulatory frameworks. The bridge uses policies that specify how to transform or issue credentials according to the requirements of each domain.