Introduction

Fraunhofer stands for applied research and thus, in particular, to bring relevant research results to industry.

In order sharpen the differentiation between our research activities and our product, we decided to introduce a new brand name - MYDATA Control Technologies (short: MYDATA). In the following we differentiate between MYDATA and IND2UCE.

IND2UCE Research

Ensuring the security of your intellectual property or your private data goes far beyond simple access control. Even if access was granted, you may want to maintain control over the further usage and dissemination of your digital assets. To do this, data usage control extends the classic access control mechanisms so that the usage of the data can be controlled.

The Fraunhofer-Institute for Experimental Software Engineering is doing research in this field for almost ten years. In this time, we accomplished more than 15 research projects, and published more than 40 research papers. In 2014, we were awarded with the EARTO innovation award.

Some of our current and past IND2UCE research activities include:

  • Definition and Evaluation of Usage Control Policy Language

  • Context-Aware Security

  • Usable Specification of Security Policies by End Users

  • Transparent Data Use

  • Usable Privacy Dashboards

  • Usage Control Enforcement on different software levels, including

    • Application Level (vwd Mobile Advisory Solution)

    • Operating System Level (Android, OpenBSD)

    • Infrastructure Level (OpenFlow, Apache ServiceMix)

    • Virtualization (VMWare, Hypervisor)

MYDATA Control Technologies

MYDATA Control Technologies is the name of our software products that solve certain practical problems of the IND2UCE research field. The main product is a software for the evaluation, enforcement and management of security and privacy rules, containing three main features: Policy Enforcement, Policy Language and Policy Management.

mydata
Figure 1. MYDATA Control Technologies
  • MYDATA Control Enforcement: MYDATA offers control points for the enforcement of usage policies, which can be easily integrated into target systems. These can filter and mask information at data interfaces. In addition, MYDATA offers the possibility to perform actions using additional components, such as notification by e-mail. The functionality of the control points and action executions can be extended by means of plugins.

  • MYDATA Control Policies: New policies (rules) for data usage can be written at runtime. Among other things, time and frequency-based uses ("Data may only be used 5 times within a day"), situation-based uses ("Sensitive data may not be viewed on business trips") and masked uses ("For the PSD2 service provider, the middle 12 digits of the IBAN are replaced by an X") can be specified.

  • MYDATA Control Management: MYDATA combines the administration of data sovereignty requirements and technical components in a central administration interface.