Stateful Data Usage Control for Android Mobile Devices

Modern mobile devices allow their users to download data from the network, such as documents or photos, to store local copies and to use them. Many real scenarios would benefit from this capability of mobile devices to easily and quickly share data among a set of users but, in case of critical data, the usage of these copies must be regulated by proper security policies. To this aim, we propose a framework for regulating the usage of data when they have been downloaded on mobile devices, i.e., they have been copied outside the producer's domain. Our framework regulates the usage of the local copy by enforcing the Usage Control policy which has been embedded in the data by the producer. Such policy is written in UXACML, an extension of the XACML language for expressing Usage Control model-based policies, whose main feature is to include predicates which must be satisfied for the whole execution of the access to the data. Hence, the proposed framework goes beyond the traditional access control capabilities, being able to interrupt an ongoing access to the data as soon as the policy is no longer satisfied. This paper details the proposed approach, defines the architecture and the workflow of the main functionalities of the proposed framework, describes the implementation of a working prototype for Android devices, presents the related performance figures, and discusses the security of the prototype.