Title :
Distributed Enforcement of Sticky Policies with Flexible Trust
Author :
Jordan Brown;Douglas M. Blough
Author_Institution :
Sch. of Electr. &
Abstract :
In this paper, we describe an approach to distributed enforcement of sticky policies in heterogeneous hardware and software environments. These heterogeneous environments might have differing mechanisms for attesting to their security capabilities and data sources might specify different levels of trust for different data items. Such an environment requires highly flexible policy specification and enforcement mechanisms. We employ sticky policies that travel with data wherever it travels, and we separate them into two components, a hosting policy and a usage policy. Hosting policies are used to ensure that data are transferred only to entities that are provably capable of providing local enforcement and only further transferring data under the same policies. Usage policies confer access, viewing, and update capabilities on users based on their attributes. The approach is supported by attribute-based certificates and policies, which include what authorities are trusted to certify attributes. In addition to presenting a full description of the approach, we report on a prototype implementation that includes all of the aforementioned components and also makes use of a modified version of Excel we developed to track security labels as data move through spreadsheets that are being shared by multiple users across different systems.
Keywords :
"Cryptography","Hardware","Organizations","Information management","Cloud computing"
Conference_Title :
High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on
DOI :
10.1109/HPCC-CSS-ICESS.2015.235