5th International Workshop on Data Usage Management
An IEEE CS Security & Privacy Workshop (SPW 2014)
co-located with the IEEE Symposium on Security and Privacy (SP)
Saturday, May 17th, 2014
San Jose, CA, USA
Data usage control generalizes access control to what happens to data in the future and after it has been given away or accessed. Spanning the domains of privacy, the protection of intellectual property and compliance, typical current requirements include "delete after thirty days," "don't delete within five years," "notify whenever data is given away," and "don't print." However, in the near future more general requirements may include "do not use for employment purposes," "do not use for tracking," as well as "do not use to harm me in any way." Major challenges in this field include policies, the relationship between end user actions and technical events, tracking data across layers of abstraction and logical as well as physical systems, policy enforcement, protection of the enforcement mechanisms and guarantees.Following four successful events - the Dagstuhl Seminar on Distributed Usage Control, the W3C Privacy and Data Usage Control Workshop, the WWW 2012 Workshop on Data Usage Management on the Web and the IEEE S&P 2013 Workshop on Data Usage Management - the goal of this workshop is to continue the discussion around current technical developments in usage control and to foster collaboration in the area of usage representation (policies is one mechanism), provenance tracking, misuse identification, and distributed usage enforcement. Though enabling privacy through careful and controlled dissemination of sensitive information is an obvious consequence of usage control, this workshop is interested in understanding data usage control as a whole. The workshop is also interested in discussing domain-specific solutions for semi-controlled environments and their generalization to more open environments such as the Web.