Fraunhofer Institute for Experimental Software Engineering IESE
A flexible and context-sensitive security solution that protects your data comfortably and effectively
In modern company networks, sensitive data are stored, processed, and exchanged around the clock through distributed services, processes, and staff. Comprehensive security measures are necessary to protect your business data from undesirable usage and (possibly unintentional) dissemination. These measures must take into account both malicious external attacks and unintentional wrongful data usage by your own employees. The megatrend towards Cloud Computing entails additional complexity and leads to new information security challenges. Control over your data is particularly important here as the boundaries between domains, systems, and services are becoming increasingly blurred in the Cloud.
Ensuring the security of your intellectual property or your private data goes far beyond simple access control. Even if access was granted, you may want to maintain control over the further usage and dissemination of your digital assets. To do this, data usage control extends the classic access control mechanisms so that the usage of the data can be controlled (control). The originator of the data must be able to know at all times what is happening with their data (transparency). Important issues for achieving these goals are analysis of and controlled intervention in data flows to allow control of the usage of your data depending on the usage situation. Individual data fields, for instance, must be either shown, hidden, or presented in an anonymized form depending on the data recipient or the usage situation. This allows providing and processing data in a user-specific or business-model-specific way.
One important issue for reaching these goals is the analysis of and controlled intervention in data streams in order to be able to control the usage of the data depending on the respective usage situation. For example, individual data fields must be displayed, hidden, or presented in an anonymous form depending on the data recipient or the usage situation. This allows data to be provided and processed in a user-specific or business-model-specific manner.
This is what we offer:
Support in the development and integration of usage control solutions
Data usage control on mobile devices
Elicitation of security policies
Easy-to-use editors for the specification of security policies
Context-sensitive enforcement of security policies
Model-based refinement of security policies based on business processes
Support in the software development process with a focus on data security and data usage control