Fraunhofer Institute of Optronics, System Technologies and Image Exploitation IOSB 
Short description of the project
In the GLUE (Generalized Lightweight Usage Control Enforcement) project, we are working with Fraunhofer AISEC and Fraunhofer ISST to develop solutions for the use of distributed usage control in industrial production environments.
Usage control extends classic access control to make it possible to protect data from misuse even while it is being processed in external systems. To this end, security guidelines are first drawn up which contain the specific rules for the legitimate use of the data to be protected. These usage rules are then automatically transmitted to all remote systems that are to receive the data for evaluation, where they are enforced by our usage control components. In this way, it is possible to retain full control over data at all times, even in cross-domain data processing scenarios (data sovereignty). A particular challenge is ensuring the trustworthiness of the underlying infrastructure in order to prevent manipulation of the transferred rules or the executing usage control components.
Project objectives
The aim of the GLUE project is to implement a distributed usage control framework for use cases in the field of Manufacturing-as-a-Service (MaaS). Modern 3D printing makes it possible, for example, to have spare parts for industrial plants manufactured by a service provider on site as required. The blueprints of the spare parts to be printed must be supplied by the manufacturer of the system. However, as these usually contain sensitive know-how, they must not fall into the wrong hands. In addition, it must be prevented that the service provider prints the spare part more frequently than ordered in order to sell the surplus under the table.
Project results
GLUE offers a technical solution to this problem. In this scenario, distributed usage control can be used to prevent the print service provider from forwarding, copying or producing the blueprints received more frequently than agreed. We use an extended version of the widely used Open Digital Rights Language (ODRL) as the rights description language. The GLUE framework also includes mechanisms based on confidential computing to ensure the integrity of the usage control infrastructure. These ensure that the transmitted data can only be read in plain text in a trustworthy environment controlled by GLUE and is always evaluated in accordance with the usage rules.