Data Usage Control Technologies

by Sebas­ti­an Stein­buß

Nowa­days, busi­ness is spur­red by con­ti­nuous­ly exch­an­ging infor­ma­ti­on bet­ween busi­ness part­ners. Howe­ver, data is typi­cal­ly secu­red by access con­trol mecha­nisms only. After access to data has been gran­ted by the­se mecha­nisms, data can be arbi­tra­ri­ly alte­red, copied and dis­se­mi­na­ted by the reci­pi­ent. Data usa­ge con­trol offers pos­si­bi­li­ties to con­trol future data usa­ges bey­ond the initi­al access.

Data usa­ge con­trol and data pro­ven­an­ce are a con­cep­tu­al and tech­ni­cal solu­ti­on to cope with data sov­er­eig­n­ty. As the­re are dif­fe­rent ways to imple­ment data usa­ge con­trol, we pre­sent three approa­ches rese­ar­ched and deve­lo­ped wit­hin Fraun­ho­fer: The MYDATA Con­trol Tech­no­lo­gies, the Logic­ba­sed Usa­ge Con­trol (LUCON) and Degree (D°). Other solu­ti­ons, like MOTIC deci­de and FIWARE based imple­men­ta­ti­ons of Data Usa­ge Con­trol are not cove­r­ed in this text.


MYDATA Con­trol Tech­no­lo­gies (MYDATA for short) is a tech­ni­cal imple­men­ta­ti­on of data sov­er­eig­n­ty, which repres­ents an essen­ti­al com­po­nent for infor­ma­tio­nal self-deter­mi­na­ti­on. It is based on the IND2UCE frame­work for data usa­ge con­trol deve­lo­ped at Fraun­ho­fer IESE. In gene­ral, MYDATA imple­ments data sov­er­eig­n­ty by moni­to­ring or inter­cep­t­ing secu­ri­ty rele­vant data flows. This enab­les fine-grai­ned mas­king and fil­te­ring of data flows in order to make them anony­mous, for examp­le. Com­pa­red to clas­si­cal access con­trol sys­tems, MYDATA can enfor­ce par­ti­al fil­te­ring and mas­king of data, con­text and situa­ti­on restric­tions as well as restric­tions on the pur­po­se of use.


LUCON (Logic based Usa­ge CON­trol) is a poli­cy lan­guage for con­trol­ling data flows bet­ween end­points. The Trus­ted Con­nec­tor uses Apa­che Camel to rou­te messages bet­ween ser­vices (such as MQTT, REST, or OPC-UA end­points). The ways how messages may be pro­ces­sed and pas­sed around bet­ween ser­vices is con­trol­led by LUCON, a simp­le poli­cy lan­guage for mes­sa­ge label­ling and taint tracking. The LUCON poli­cy lan­guage comes with an Eclip­se plugin for syn­tax high­ligh­t­ing, code com­ple­ti­on and com­pi­la­ti­on into a for­mat that is unders­tood by the poli­cy decisi­on point wit­hin the Con­nec­tor.

While LUCON and MYDATA aim at pro­vi­ding usa­ge con­trol for exis­ting app­li­ca­ti­ons and work­flows, D° takes ano­t­her approach. It is a Domain Spe­ci­fic Lan­guage (DSL) for the deve­lo­p­ment of data pro­ces­sing app­li­ca­ti­ons (so cal­led Data Apps) and takes usa­ge con­trol into account from the begin­ning of the deve­lo­p­ment. D° uses Java as host lan­guage. Through the use of Model Dri­ven Soft­ware Deve­lo­p­ment (MDSD) Data Apps which are deve­lo­ped with D° are trans­for­med into Java app­li­ca­ti­ons which are final­ly com­pi­led into exe­cu­ta­ble app­li­ca­ti­ons.

Relationship between data provenance and data usage control

Data pro­ven­an­ce tracking is clo­se­ly rela­ted, but also com­ple­men­ta­ry to dis­tri­bu­t­ed data usa­ge con­trol. Data pro­ven­an­ce tracking allows fin­ding out when, how and by whom data was modi­fied, and which other data influ­en­ced the pro­cess of crea­ting new data items.

Howe­ver, while dis­tri­bu­t­ed data usa­ge con­trol is con­cer­ned with the enfor­ce­ment of rights and duties when exch­an­ging data across sys­tem bounda­ries, the focus of data pro­ven­an­ce tracking is on trans­pa­ren­cy and accoun­ta­bi­li­ty. In other words: While a Poli­cy Enfor­ce­ment Point (PEP) ser­ving for dis­tri­bu­t­ed data usa­ge con­trol in most cases needs to be able to proac­tively inter­cept data usa­ge actions wit­hin the con­trol flow, a PEP for data pro­ven­an­ce tracking only needs to pas­si­ve­ly obser­ve, inter­pret and log data tran­sac­tions and data usa­ge for retro­spec­ti­ve exami­na­ti­on.

In terms of usa­ge con­trol, this kind of enfor­ce­ment is deno­ted as “detec­ti­ve enfor­ce­ment”. Des­pi­te this fact, a data pro­ven­an­ce tracking infra­st­ruc­tu­re can be built upon the same PEPs as dis­tri­bu­t­ed data usa­ge con­trol.

If you want to learn more about Data Usa­ge Con­trol Tech­no­lo­gies, plea­se check out our Posi­ti­on Paper “Usa­ge Con­trol in the Inter­na­tio­nal Data Spaces” here.