September 11, 2020

Data Usage Control Technologies

Nowadays, business is spurred by continuously exchanging information between business partners. However, data is typically secured by access control mechanisms only. After access to data has been granted by these mechanisms, data can be arbitrarily altered, copied and disseminated by the recipient. Data usage control offers possibilities to control future data usages beyond the initial access.
Sebastian Steinbuß

Data usage control and data provenance are a conceptual and technical solution to cope with data sovereignty. As there are different ways to implement data usage control, we present three approaches researched and developed within Fraunhofer: The MYDATA Control Technologies, the Logicbased Usage Control (LUCON) and Degree (D°). Other solutions, like MOTIC decide and FIWARE based implementations of Data Usage Control are not covered in this text.


MYDATA Control Technologies (MYDATA for short) is a technical implementation of data sovereignty, which represents an essential component for informational self-determination. It is based on the IND2UCE framework for data usage control developed at Fraunhofer IESE. In general, MYDATA implements data sovereignty by monitoring or intercepting security relevant data flows. This enables fine-grained masking and filtering of data flows in order to make them anonymous, for example. Compared to classical access control systems, MYDATA can enforce partial filtering and masking of data, context and situation restrictions as well as restrictions on the purpose of use.


LUCON (Logic based Usage CONtrol) is a policy language for controlling data flows between endpoints. The Trusted Connector uses Apache Camel to route messages between services (such as MQTT, REST, or OPC-UA endpoints). The ways how messages may be processed and passed around between services is controlled by LUCON, a simple policy language for message labelling and taint tracking. The LUCON policy language comes with an Eclipse plugin for syntax highlighting, code completion and compilation into a format that is understood by the policy decision point within the Connector.

While LUCON and MYDATA aim at providing usage control for existing applications and workflows, D° takes another approach. It is a Domain Specific Language (DSL) for the development of data processing applications (so called Data Apps) and takes usage control into account from the beginning of the development. D° uses Java as host language. Through the use of Model Driven Software Development (MDSD) Data Apps which are developed with D° are transformed into Java applications which are finally compiled into executable applications.

Relationship between data provenance and data usage control

Data provenance tracking is closely related, but also complementary to distributed data usage control. Data provenance tracking allows finding out when, how and by whom data was modified, and which other data influenced the process of creating new data items.

However, while distributed data usage control is concerned with the enforcement of rights and duties when exchanging data across system boundaries, the focus of data provenance tracking is on transparency and accountability. In other words: While a Policy Enforcement Point (PEP) serving for distributed data usage control in most cases needs to be able to proactively intercept data usage actions within the control flow, a PEP for data provenance tracking only needs to passively observe, interpret and log data transactions and data usage for retrospective examination.

In terms of usage control, this kind of enforcement is denoted as “detective enforcement”. Despite this fact, a data provenance tracking infrastructure can be built upon the same PEPs as distributed data usage control.

If you want to learn more about Data Usage Control Technologies, please check out our Position Paper “Usage Control in the International Data Spaces” here.

Author: Sebastian Steinbuß
Sebastian Steinbuß is CTO and Lead Architect at IDSA.

Stay updated with us