<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta>
      <journal-title-group>
        <journal-title>Journal of Enter</journal-title>
      </journal-title-group>
    </journal-meta>
    <article-meta>
      <article-id pub-id-type="doi">10.1145/2517840</article-id>
      <title-group>
        <article-title>On the need for strong sovereignty in data ecosystems</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Johannes Lohmöller</string-name>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Jan Pennekamp</string-name>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Roman Matzutt</string-name>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Klaus Wehrle</string-name>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>RWTH Aachen University</institution>
          ,
          <addr-line>Aachen</addr-line>
          ,
          <country country="DE">Germany</country>
        </aff>
      </contrib-group>
      <pub-date>
        <year>2013</year>
      </pub-date>
      <volume>6223</volume>
      <fpage>83</fpage>
      <lpage>94</lpage>
      <abstract>
        <p>Data ecosystems are the foundation of emerging data-driven business models as they (i) enable an automated exchange between their participants and (ii) provide them with access to huge and heterogeneous data sources. However, the corresponding benefits come with unforeseen risks as also sensitive information is potentially exposed. Consequently, data security is of utmost importance and, thus, a central requirement for the successful implementation of these ecosystems. Current initiatives, such as IDS and GAIA-X, hence foster sovereign participation via a federated infrastructure where participants retain local control. However, these designs place significant trust in remote infrastructure by mostly implementing organizational security measures such as certification processes prior to admission of a participant. At the same time, due to the sensitive nature of involved data, participants are incentivized to bypass security measures to maximize their own benefit: In practice, this issue significantly weakens sovereignty guarantees. In this paper, we hence claim that data ecosystems must be extended with technical means to reestablish such guarantees. To underpin our position, we analyze promising building blocks and identify three core research directions toward stronger data sovereignty, namely trusted remote policy enforcement, verifiable data tracking, and integration of resource-constrained participants. We conclude that these directions are critical to securely implement data ecosystems in data-sensitive contexts.</p>
      </abstract>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>
        software and develop defense-in-depth strategies for
protection [4]. Participants receive no additional security
Data-driven business models are an invaluable pillar for guarantees beyond this ahead-of-time certification and
modern industries, and their importance will increase have no means to verify that other participants handle
with growing demands requiring more complex and glob- their data as intended (and required). Here, the lack of
ally distributed operation, as well as sophisticated collab- stronger guarantees efectively ends sovereignty of
parorations to improve the status quo [1]. Data ecosystems ticipants in the moment of sharing.
provide the foundation for such data-driven business In this paper, we argue that data ecosystems need to
models as they center around automating data exchanges provide their participants with strong and continual
guarand value creation based on huge and heterogeneous data antees about the security of their provided data to
mainsources from various stakeholders [
        <xref ref-type="bibr" rid="ref51">2</xref>
        ]. Added value can tain each participant’s data sovereignty. Moreover, driven
be created by, for instance, improving algorithms un- by privacy and security concerns, recent regulatory
efderlying existing analytics or extracting new insights of forts set strict rules on how data may flow across
organipreviously recorded data [3]. Crucially, this process in- zational borders, raising the need for fine-grained
convolves the integration of distributed data sources owned trol [7]. To this end, data ecosystems are only sustainable
by diferent stakeholders. Here, data ecosystem initia- if stakeholders are willing to participate by providing and
tives such as International Data Spaces (IDS) [4] and consuming data actively. However, we argue that
dataGAIA-X [5] aim to provide a trustworthy environment consuming parties are currently incentivized to ignore
for the discovery, sharing, and processing of available previously agreed terms for data usage. Such behavior
data, irrespective of specific domains. hurts data owners as they are not adequately
compen
      </p>
      <p>However, current eforts to establish the necessary sated for the value of the data they provide and questions
trust among stakeholders heavily rely on organizational whether data ecosystems are adequate to exchange data
agreements and processes [6, 4]. For instance, the IDS subject to privacy regulation. Consequently, data owners
certification process asserts that participants use audited might restrict their data-sharing eforts or leave the data
ecosystem entirely. Hence, data ecosystems require solid
Proc. of the First International Workshop on Data Ecosystems (DEco’22), technical measures, such as cryptographically enforceable
September 5, 2022, Sydney, Australia guarantees and verifiable continual security monitoring,
*$C olorrhemspooenllderin@gcaoumthsyosr.rwth-aachen.de (J. Lohmöller); to facilitate the establishment of trust between remote
pennekamp@comsys.rwth-aachen.de (J. Pennekamp); and potentially mutually unknown participants. In this
matzutt@comsys.rwth-aachen.de (R. Matzutt); paper, we provide more background on the current state
wehrle@comsys.rwth-aachen.de (K. Wehrle) of data ecosystems, identify shortcomings of ongoing
0000-0003-2101-5562 (J. Lohmöller); 0000-0003-0398-6904 data ecosystem initiatives, and derive and discuss future
(0J0. 0P0e-n00n0e1k-a7m25p2);-40108060-(0K0.0W2-e4h2r6l3e-)5317 (R. Matzutt); research directions steered toward improving the
sover© 2022 Copyright for this paper by its authors. Use permitted under Creative Commons License eignty and trust of participants in data ecosystems.
CPWrEooUrckReshdoinpgs IhStpN:/c1e6u1r3-w-0s.o7r3g ACttEribUutRion W4.0oInrtekrnsahtioonpal (PCCroBYce4.0e).dings (CEUR-WS.org)</p>
    </sec>
    <sec id="sec-2">
      <title>2. A Primer on Current Data</title>
    </sec>
    <sec id="sec-3">
      <title>Ecosystem Initiatives and their</title>
    </sec>
    <sec id="sec-4">
      <title>Architectures</title>
      <p>operator association
certify</p>
      <p>certify
To ensure a common understanding of the trust issues data owner data user
with today’s data ecosystems, we first briefly introduce data data
data ecosystems, the notion of data sovereignty, and com- provider consumer
mon participants in this context. Moreover, we present a data ecosystem
short overview of data ecosystem initiatives focusing on Figure 1: Participating entities in data ecosystems. Data
their currently implemented security measures. flows from left to right, with data provider and data
con</p>
      <p>
        Ecosystem Goals. The need to share data with col- sumer implementing a common ecosystem interface. The
laborators within specific sectors has been recognized in data ecosystem’s operator also handles orthogonal tasks,
ina variety of domains, including supply chains [8], public cluding admission and discovery of participants and data.
health [
        <xref ref-type="bibr" rid="ref12 ref39 ref47 ref60 ref86 ref97">9, 10</xref>
        ], and mobility [
        <xref ref-type="bibr" rid="ref1">11</xref>
        ]. Here, on the one hand,
data ecosystems aim to provide multi-sided platforms [
        <xref ref-type="bibr" rid="ref51">2</xref>
        ]
that facilitate an automated data exchange following the multiple contexts and values ranging from legislation to
FAIR principle [12], i.e., the ofered data needs to be find- clinical practice and control and power to recognition,
able, accessible, interoperable, and reusable. On the other respectively.
hand, today’s data ecosystems aim to equip data owners Initiatives. Superseding a previously rather tedious
with fine-grained control over their data, including with bilateral exchange, the goal of initiatives like the
Interwhom it will be shared and under what terms. This fine- national Data Spaces (IDS) [
        <xref ref-type="bibr" rid="ref51">3, 2, 21</xref>
        ], GAIA-X [14, 5],
grained control is the foundation of data sovereignty [3]. Data Sharing Coalition [22], IHAN [
        <xref ref-type="bibr" rid="ref81">23</xref>
        ], FIWARE [24],
Achieving these goals requires solving issues w.r.t. or- CEF [25], or BDVA [26] is to establish a universal
platganization [
        <xref ref-type="bibr" rid="ref51">2</xref>
        ], semantics and data quality [13], and in- form to regulate transactions regarding that exchange.
terfacing [14], all of which are currently under active The EU or federal ofices fund such initiatives, facilitating
research. a top-down approach toward establishing a common data
      </p>
      <p>Definitions. So far, we have seen data ecosystems platform. Some initiatives rather bundle forces toward
only as a means for exchanging data as required in emerg- the adoption of data ecosystems in general (Data
Sharing data markets and other use cases [3]. In fact, data eco- ing Coalition, CEF, BDVA), while IHAN, for instance,
systems emerged without a standard definition in mind. is in an early stage, without publicly released
techniOliveira and Lóscio [15] address this gap by reviewing cal documentation so far. Out of the named initiatives,
and merging concurring data ecosystem definitions; as IDS [4], GAIA-X [5], and FIWARE [27] have released
a result, they define a data ecosystem as a combination technical documentation that permit a deeper analysis
of independently operated networks that produce and with regard to implemented data security and trust
meaprovide data, but also other assets like software or ser- sures. Specifically, IDS and GAIA-X both work toward
vices. Furthermore, the authors highlight that such data a standard interface to locate and access data and
proecosystems are self-regulated and driven by collabora- vide an organizational context, including identification,
tion and competition between actors [15]. Additionally, admission, and certification of participants [ 14]. Thus,
we emphasize that data ecosystems form platforms that in the remainder of this paper, we primarily study these
have to define common interfaces and rules to enable general-purpose initiatives. While IDS aims to provide a
collaboration across independent networks. Accordingly, framework under which data spaces can be built quickly,
we refer to data ecosystem participants as networks that e.g., targeting a specific domain with coherent
particiimplement the interfaces and accept the rules defined by pants, GAIA-X plans to establish a single central
crossa given ecosystem. domain platform [14]. Moving toward domain-specific</p>
      <p>Similarly, the notion of data sovereignty, i.e., one of concepts, initial projects such as CATENA-X [28], an
inithe critical concepts of data ecosystems, currently lacks tiative inside the automotive domain, are picking up their
a clear and common definition [ 16]. If used in the con- ideas, while established platforms such as FIWARE [24],
text of data ecosystems, researchers generally agree that a framework to connect smart devices, start to provide
data sovereignty relates to control and ownership of data compatible interfaces [29].
items, together with specific claims and obligations made Architecture. Despite their slightly diferent scopes,
by involved parties [17, 18, 19, 20]. Hence, within this IDS and GAIA-X share a similar architecture, so we
anpaper, we will focus on this aspect of data sovereignty. alyze both initiatives together as data ecosystem
impleTo set this into a broader context, the review by Hum- mentations. Organizing the data exchange, data
ecomel et al. [16] describes data sovereignty as covering systems commonly assign diferent roles to participants.
Figure 1 shows the overall scenario we are considering to- data and enforcing certain duties to be adhered to when
gether with the main participants. A single data exchange processing data. Such a policy could be, for instance,
can be considered bilateral, such that we can suppose the permission to use a dataset for one week, with the
the following roles [4]: First, a data owner legally owns obligation to delete it after that time.
the data to be shared and is interested in enforcing their To implement usage control, IDS utilizes and extends
rights on the data if it is shared. Second, a data provider ODRL [33], a policy language for digital rights
managetakes over the technical part of ofering a dataset to be ment that allows fine-grained modeling of usage terms [ 4].
exchanged on behalf of the data owner. For enforcement, the data owner has to trust that the
con</p>
      <p>While a single entity certainly can take over both roles, suming party abides by the negotiated terms. To this end,
i.e., host the infrastructure to provide their data, in certain he can only rely on the certification of the consumer
resituations, the providing entity does not formally own the quired to join as a participant, but can neither monitor
data. For instance, this situation is the case for electronic the process himself, nor receive a credible proof that
ushealth records owned by patients, which typically do not age terms were enforced. However, since the negotiated
provide the infrastructure on their own. On the receiving contracts might also involve monetary compensation,
side, a data consumer requests and receives the data from the consuming party has incentives to disobey
negotithe provider and passes it to a data user, who processes ated terms, e.g., using data more often than requested,
the exchanged data, e.g., by visualizing it. Again, the sourcing it for other purposes, or sharing it with other
consumer might also fulfill the data user role if both systems or third parties.
processes are co-located. Noteworthy, GAIA-X does not Legal Context. Providing an environment for data
exseparate the data consumer and data user [5], but we change, the IDS builds upon surrounding legal contracts
continue using both terms to separate the logical roles, to equip participants with the means to establish
credias described above. bility with each other [34]. Specifically, such contracts</p>
      <p>Due to the distribution of providers and consumers, regulate the terms of usage and the overall setting, e.g.,
data ecosystems operate as a federation of independent regarding a monetary compensation [4] or a penalty for
deployments that jointly form a decentralized system. breach of contract. Contracts can be bilateral or
multilatThereby, data owners can keep their sensitive datasets eral but will typically not cover the entirety of data space
under their control until they actively decide to share participants [4], thereby limiting spontaneous data
acthem with selected participants. To this end, data eco- cess. Within negotiated legal contracts, data ecosystems
systems enable data sovereignty up to the point where a such as IDS then plan to (automatically) negotiate a
redata sharing decision has been made and data is actually fined technical contract. This refined contract translates
transferred to the data consumer. terms into machine-readable policies that grant specific</p>
      <p>Trust. To not let sovereignty end at the point of data permissions on the exchanged dataset and potential
obliexchange, data ecosystems currently require a certifica- gations [4].
tion of participants. Hence, they ensure that all entities
handling data adhere to a common baseline w.r.t. data
protection. Certification includes, but is not limited to, 3. Data Ecosystems Need Technical
defense-in-depth strategies and security event monitor- Security Guarantees
ing systems [30, 31]. Specifically, the IDS requires prior
certification steps and attests successful certification via Having outlined the fundamental ideas of sovereign data
a public key infrastructure, establishing a trusted iden- exchange and the technical and organizational
frametity layer [4, 14]. Contrarily, GAIA-X does not target work data ecosystems provide, we now critically review
a specific certification but requires participants to pro- the design decisions of security mechanisms implemented
vide a standardized self-description with claims that are in state-of-the-art data ecosystems. To this end, we
anachecked before a participant’s admission [14]. In both lyze the available technical documentation and reference
cases, the ecosystem equips participants with the means architecture for IDS and GAIA-X. Primarily, we identify a
to identify each other and establishes a common ground lack of technical means to facilitate strong security
guarfor mutual trust decisions. antees and establish strong trust between participants.</p>
      <p>Based on the ecosystem-wide identity layer, data eco- Namely, the current ecosystem initiatives can only partly
systems can provide fine-granular access control to data address the security and trust requirements with their
and let data owners limit the target audience they are frail certification-based approaches.
willing to share their data with. However, access control Attacker Model. Guiding our position that data
ecoalone is insuficient, as data sovereignty would end once systems require stronger data protection mechanisms, we
the flow of data between participants took place after apply the notion of a malicious-but-cautions attacker [35].
access has been legitimately granted. Usage control [32] Specifically, the malicious-but-cautious attacker can
miscould possibly fill this gap by granting specific rights on behave in all possible ways but aims not to leave any
verifiable evidence of its misbehavior [ 35]. Compared data owner depends on fortunate coincidence to notice
to an honest-but-curious (or semi-honest) attacker, this malicious behavior retrospectively. Consequently, we
definition includes explicitly local deviation from proto- argue that data owners will refrain from ever sharing
cols unless they are verifiable by externals. With data sensitive data. With such datasets covering
manufacturecosystems exchanging data within established legal con- ing plans [8], the identity of suppliers [39], or
privacytracts, we argue that participants aim to avoid being sued sensitive health records [40] the lack of enforcement
for their misbehavior and hence, have incentives not to guarantees severely limits the kind of data exchangeable.
leave any evidence. To this end, a malicious-but-cautions Hence, such scenarios require stronger data sovereignty
attacker reflects the typical power and incentives of data guarantees than the currently envisioned (weak)
organiecosystem participants who source, process, and utilize zational measures.
somebody else’s data. Partly addressing this issue, IDS can utilize trusted</p>
      <p>Data Security. Current notions of data security in- platform modules (TPMs) as a trust anchor on remote
clude security at-rest, in-transit, and in-use [36]. At-rest systems [4]. However, merely providing verification of
security and in-transit security are considered solved the running software, but essentially lacking memory
problems in the context of data ecosystems as they can encryption, TPMs still contribute little to an efective
use widely available building blocks such as storage en- protection against malicious-but-cautious attackers.
cryption and transport layer security (TLS), respectively I2: Trusted Data Usage Reporting. Besides efective
[4]. Contrarily, in-use data security targets data at the usage control, usage transparency is a second
cornermoment of processing, e.g., when the decrypted data is stone to strong data sovereignty and essential to increase
loaded into memory and is hence more dificult to ensure the participation of data owners. To this end, data
ownand implement. Technical or cryptographic measures ers that grant permissive access to their data shall still
to protect data by providing in-use security include, for be able to track usages of their data in remote systems
instance, hardware-assisted security or homomorphic transparently. Within IDS, a clearing house entity is
encryption [37, 38]. However, despite these measures, designated to address part of this problem by enabling
today’s data ecosystems build their guarantees regarding billing-relevant usage logging [4]. However, similarly
data in-use security upon remote participants’ honesty to I1, there is currently no technically or
cryptographito enforce certain rights on shared data. Unfortunately, cally enforced guarantee that data usage must be logged.
with monetary compensation handled as part of data Hence, data users can easily circumvent the implemented
exchange and transfers entrusted for a specific purpose, logging features of today’s data ecosystems and thereby
incentives to evade enforcement clearly exist. exceed granted usage terms without being caught, such</p>
      <p>Hence, we argue that the following questions are criti- as evading downstream payments for data usage.
cal to the adoption of data ecosystem initiatives in data- I3: Sovereign Participation without Own
Infrassensitive domains: tructure. A third cornerstone of strong data sovereignty
is the free choice of data owners with whom to exchange
• I1: How can data owners trust remote infrastructure to data under which conditions. Within the currently
proenforce their granted rights once data has been shared? posed architecture (cf. Figure 1), data owners entirely
rely on and trust data providers to serve their data within
• I2: How can data owners track their data in a trusted the ecosystem. However, if both roles are distributed
way if processed by remote facilities? between separate entities, similar trust issues as between
• I3: How can participants with little resources maintain the providing and consuming parties also apply here.
sovereignty without requiring them to host their own Specifically, the owner needs to trust the provider to
infrastructure? serve the agreed policies and not misuse data locally.</p>
      <p>Moreover, usage reporting systems must not assume the
In the following, we elaborate on these high-level de- provider to be trusted in this case. Hence, the providing
sign questions regarding strong data sovereignty when side of a data exchange requires the same measures to
implemented in practice. implement reliable trust as the consumer side.</p>
      <p>I1: Trust in Remote Rights Enforcement. A first Takeaway. Today’s data ecosystems only provide data
cornerstone of end-to-end data sovereignty is the guar- protection via organizational means, such that there is no
anteed enforcement of digital rights on remote systems, protection against malicious-but-cautious inside
attacki.e., usage control. However, suppose a privileged user on ers on remote systems. At the same time, monetary data
the consuming side, e.g., a system administrator, copies usage compensation and usage restrictions create
incenexchanged data without leaving traces in audit-relevant tives to evade enforcement mechanisms. Currently, these
logging systems. This unintended behavior renders us- shortcomings limit the applicability of data ecosystems
age control enforcement inefective. While we anticipate to share sensitive datasets and thus need a remedy.
that such an action would violate negotiated terms, the</p>
    </sec>
    <sec id="sec-5">
      <title>4. Toward Stronger Data</title>
    </sec>
    <sec id="sec-6">
      <title>Sovereignty</title>
      <p>insuficient when considering, a malicious-but-cautious
adversary who does not provide a trustworthy
environment for storing or processing the exchanged data.</p>
      <p>The current data ecosystem initiatives strive for seam- Hardware-based Trusted Execution Environments
lessly interconnecting businesses and facilitating the au- (TEEs), such as Intel SGX, AMD SEV, or ARM TrustZone,
tomation of valuable data exchanges. However, in the are promising candidates for closing this gap in the
last section, we identified severe open issues ( I1–I3) that future [49]. The goal of TEEs is to provide a trustworthy
impede each participant’s data sovereignty in situations computing environment that can be established even
where organizational trust mechanisms, such as required on untrusted remote infrastructure. To this end, a
certification prior to admission to the ecosystem, are in- TEE provides an isolated (i.e., memory-encrypted)
suficient. Given the competitive advantage a participant environment for running applications with the ability
can gain by acting in a malicious-but-cautious manner (cf. to verify the integrity of the executed program code
Section 3), these open issues only become more pressing. remotely. A CPU-embedded cryptographic key provides
Hence, with the data sovereignty of their participants in the required trust anchor that allows the data owner to
mind, data ecosystems must deploy additional means to verify correct execution independently of the remote
allow them to establish trust in that new market. host’s operating system [49]. Consequently, TEEs</p>
      <p>In this paper, we argue that only technical means provid- allow for trustworthy remote execution by hiding the
ing strong cryptographic guarantees are suitable to reach program’s execution state and hardening it against
the goal of trustworthy data ecosystems that retain partic- hampering.
ipants’ data sovereignty. Next, we discuss how available Implementing policy enforcement and data processing
building blocks can be integrated into data ecosystems inside such environments has the potential to resolve
to address each of the open issues I1–I3. the trust issues data ecosystems are currently facing.
However, TEE technology is an active field of research,
and current implementations still experience security
4.1. Trusted Remote Policy Enforcement issues [50]. For example, today’s TEE implementations
(I1) are prone to side-channel attacks that allow for limited
data extraction [51]. Countermeasures such as oblivious
RAM [52] are being investigated to fix these
vulnerabilities, and we expect that future enclave designs will
provide further remedies against other technical issues
as they are being discovered. Hence, TEEs are a
promising building block for improving data sovereignty in
data ecosystems via technically enforceable data policies.</p>
      <p>However, further research into hardening TEEs against
unintended security breaches is required to improve their
applicability to data ecosystems. In fact, in a related
context, first work [ 37] demonstrates the applicability of
TEEs in a trusted data sharing setting.</p>
      <p>We thus call for the established initiatives and
researchers to further investigate the utility of TEE technology
for data ecosystems to reliably address the lack of
trustworthy and technically backed policy enforcement.</p>
      <p>The foundation of strong data sovereignty in data
ecosystems is providing data owners with an assurance that
the data ecosystem will enforce terms and conditions
on their behalf. Although today’s data ecosystems lack
trustworthy remote enforcement of data usage terms
(I1), promising building blocks for addressing this issue
are already available and used in other contexts.
Examples of related building blocks are distributed usage
control, trusted execution environments, and diferent
cryptographic schemes. In the following, we discuss
these building blocks, their application areas, and their
relation to data ecosystems.</p>
      <p>Distributed usage control [41, 42, 43, 44, 45, 46] is an
established field of research that focuses on modeling and
technically enforcing usage terms, so-called policies for
data usage. Data ecosystems have already adopted the
notion of policies in their organizational architecture [4, 47].</p>
      <p>However, enforcing these policies proves dificult as the 4.2. Verifiable Data Tracking (I2)
data owner cannot directly observe the misconduct of
a data user or the consequences thereof [48]. Hilty and Besides policy enforcement, establishing transparency
Pretschner [42] hence propose to provide data owners in data usage is equally important to gain data owners’
with evidence of policy enforcement and limit possible trust. For instance, a data owner might consider granting
computations. Both approaches are hard to realize within generous accessibility to their data but require proper
ata data ecosystem as they require some technical trust an- tribution by any data user. In such a case, the data owner
chor on remote systems. Specifically, data ecosystems would profit from technically guaranteed notifications
currently do not ofer such trust anchors as the data user whenever a data user accessed the data.
gains full control over the exchanged data once it has Currently, IDS implements a clearing house instance,
been obtained from the data owner. This situation is which can log data usage if mandated in a policy,
making it transparent to data owners [4]. However, data
users have neither a strict technical constraint to log data 4.3. Integration of Resource-Constrained
usage, nor can the system enforce it by some means. Con- Participants (I3)
sequently, IDS cannot currently provide trusted
monitoring unless data usage can be observed externally. Hence, With the separation between the data provider and data
the current clearing house instance does not solve the owner, data ecosystems also address scenarios that
inproblem of verifiable data tracking ( I2). volve particularly resource-constrained or especially
pri</p>
      <p>Instead, technical or cryptographic means would vacy-aware data owners who are unable or unwilling to
help to incentivize logging. To this end, we consider run the complete infrastructure themselves. However,
transparency logging, data-flow tracking, and distributed infrastructure control is the foundation of self-sovereign
ledger technology promising for establishing verifiable participation in distributed environments [4]. Hence, this
data tracking in data ecosystems. approach is not viable for resource-constrained
partic</p>
      <p>For instance, certificate transparency logging allows ipants. Such participants could be, for instance, small
modern web browsers to reject digital certificates that are to mid-sized enterprises (SMEs) in a supply chain
connot tracked in a public log for auditors to verify [35]. A text, which have no technical expertise to provide the
similar approach might improve data usage transparency infrastructure to participate in a data ecosystem. In this
as well. Namely, cryptographically tying the decryption case, their customers may be capable of assuming the role
of exchanged data or the transfer of results to a publicly of a data provider collecting data from their contracted
verifiable log entry would force data users to log their SMEs and ofering that data on their behalf within the
actions accurately. Such approaches are being researched ecosystem. For instance, large automotive
manufacturin the field of verifiable computing [ 53, 54] and data eco- ers can assume the role of a data provider on behalf of
systems could profit by utilizing corresponding building their, typically numerous, suppliers [8]. In this case,
howblocks. ever, data owners lose their sovereignty and depend on</p>
      <p>Besides logging, related work also proposes data flow trust in their customers. Thus, appropriate (technical)
tracking [55] and data fingerprinting [ 56] to allow for guarantees for such situations are desirable.
identifying the source of identified data breaches after A scenario that would give data owners assurance that
the fact. However, the cryptographic data fingerprints re- their data is treated as intended would be considering the
quired to apply these techniques necessitate knowledge data provider as a diferent party than the data owner;
of the exact data representation and a suficient tolerance however, current ecosystem initiatives do not rigorously
for minor statistical noise in the monitored data [56]. satisfy this demand [4]. Under this assumption, however,
Unfortunately, these fingerprints typically cannot sur- one could implement the same measures discussed in
vive intermediate processing steps [56], rendering them Section 4.1 also on the provider side, i.e., realize a trusted
inapplicable in some situations. Hence, more research data provider. Moreover, concerning usage transparency,
maturing resilient data flow tracking or fingerprinting this scenario requires logs, as discussed in Section 4.2,
techniques is required to determine and improve their to be accessible with no own infrastructure. Hence, not
applicability in the context of data ecosystems. only the consumer-side aspect of logging must be trusted,</p>
      <p>
        Finally, distributed ledger technology has emerged but also the instance that provides logging on behalf of
in recent years with the explicit goal of facilitating dig- data owners.
ital interactions among participants who do not fully
trust each other. While Bitcoin started by establishing 4.4. Summary
a decentralized and publicly accessible digital currency
based on a blockchain [57], it spawned more versatile Cryptographic building blocks that have been
successdistributed ledgers for any information using smart con- fully applied in the past are promising also to address
tracts [
        <xref ref-type="bibr" rid="ref27">58</xref>
        ]. Ultimately, business-focused ledger systems the core issues (I1–I3) currently impeding the data
sovemerged, such as Hyperledger Fabric or Quorum. These ereignty of data owners in today’s data ecosystems. For
architectures can facilitate the event-logging within data instance, TEEs have the potential to provide the
curecosystems and provide a medium for the automated rently missing trust anchor during remote processing
billing of data accesses. (I1). Similarly, concepts currently applied in the
con
      </p>
      <p>To avoid additional privacy or data confidentiality text of certificate transparency logging or distributed
problems, such transparency mechanisms need to take ledger technology may help satisfy the requirement for
privacy into account, e.g., by encrypting log entries [59]. verifiable tracking in data ecosystems ( I2) once they are
Overall, technical building blocks for verifiable data track- adapted to the scalability demands of envisioned
deploying are already available. However, they still need to be ments. Finally, these measures can also potentially be
tailored to the specific verifiable data tracking require- applied when data providers operate on behalf of the
ments for utilization in data ecosystems regarding per- original data owner to incorporate resource-constrained
formance, scalability, flexibility, and privacy. participants in the process (I3).
can provide for their use cases as well as for society in
general.</p>
      <p>Technical Solutions for Data Sharing. Besides
idenThe potential to improve data ecosystems and the need tifying novel use cases for sharing data via data
ecosysto address their current issues has also been recognized tems, other research successfully applied technical and
in previous work. All in all, data ecosystems are subject especially cryptographic building blocks to tackle the
to past and active research alike, especially due to on- general challenges of data sharing in more narrow
scegoing large-scale initiatives. In this section, we present narios. For instance, Huang et al. [78] propose a
datanotable recent research eforts in data ecosystems. Specif- sharing scheme to later identify sources of data breaches
ically, we provide an overview of fundamental research based on oblivious transfers and embedded fingerprints.
regarding the organization of data ecosystems, research Moreover, a variety of work considers sharing data with
eforts investigating the use cases that would benefit from cloud providers [79, 80, 81, 82, 83, 84], which can be
data ecosystems, and works that apply technical security considered conceptually similar to data ecosystems with
measures to facilitate data sharing eforts. multiple stakeholders. Such work includes querying
en</p>
      <p>
        Fundamental Data Ecosystem Advancements. Oli- crypted data [85], attribute- or identity-based
encrypveira and Lóscio [15] survey the components data eco- tion for access control [86, 74, 87, 39], and distributed
systems typically comprise. Furthermore, several works ledgers together with TEEs to enforce accountability and
discuss requirements and possible ways toward imple- access control [37]. Then again, Bonatti et al. [88]
idenmenting data ecosystems in general, i.e., independent of tify correctness and completeness as desirable properties
specific initiatives [
        <xref ref-type="bibr" rid="ref51">14, 2, 3, 60, 13, 61</xref>
        ]. Another line of of transparency mechanisms in data sharing. These
apresearch investigates fundamental challenges faced when proaches to strengthen sovereignty guarantees apply to
implementing (distributed) data sharing systems. Mainly, real-world use cases and might even be translatable for
these challenges engulf transparency requirements [62], use in data ecosystems.
addressing the potential lack of trust between
participants [13, 63, 64], the need for creating a common se- 6. Discussion and Future Work
mantic understanding among all participants [65], and
governance as well as legal constraints [66, 67, 68, 34]. As we have highlighted in Section 3, today’s data
ecosysMore directly targeted to data ecosystems as they are tems mostly rely on organizational means to implement
defined in this work, research considers alternatives to data protection. However, technical building blocks are
the current IDS and GAIA-X initiatives. For instance, already available to address the remaining challenges
FIWARE [24, 29] provides a platform to facilitate data ex- for data sovereignty in data ecosystems by providing
change in an Internet of Things context and is related to stronger guarantees for participants (cf. Section 4).
FiCEF [25]. Furthermore, special-purpose data ecosystems nally, ongoing research eforts (cf. Section 5) have
enare being considered, e.g., by the NFDI initiative [69], visioned that suitable applications of data ecosystems
which focuses on improving the accessibility of research include the handling of privacy-sensitive data, such as
data. Finally, NFDI and FIWARE aim to implement IDS- patient records in medical contexts, but also
confidencompatible interfaces, hence working toward ecosystem tiality demands of critical business data require those
compatibility. guarantees. To this end, data ecosystems must provide a
      </p>
      <p>Use Cases. Another critical aspect of research on framework that allows users to trust the overall system
data ecosystems revolves around the use cases they are w.r.t. enforcing their rights at any time, including
proparticularly well-suited for. Other works have identi- cessing in remote systems after access was granted and
ifed many relevant or desirable use cases in this regard. data was shared.</p>
      <p>
        Among these use cases are the sharing of medical health Based on our analysis of the status quo as well as
onrecords [
        <xref ref-type="bibr" rid="ref12 ref39 ref47 ref60 ref86 ref97">70, 10</xref>
        ], personal data [71], data emerging in going research eforts so far, we discuss in the following
the Industrial Internet of Things [72, 73], and data ex- that overcoming current shortcomings of usage control
change across supply chains, such as in the automotive and stronger hardware-based security measures are
cruindustry [8, 39, 28], that have unique requirements con- cial research directions to sustainably strengthen the data
cerning data confidentiality, data volume, or long-term sovereignty for participants of data ecosystems.
persistency. Further data sharing schemes do not specifi- Shortcomings of Usage Control. With (distributed)
cally target data ecosystems but are conceptually similar, usage control, prior work already addresses the issues
such as applications in medicine [6, 40, 9, 74], for pro- I1–I3 today’s data ecosystems are facing. However, the
duction technology [75, 76], along supply chains [8], or enforcement has not (yet) been thoroughly picked up
in education [77]. We expect that additional domains by recent initiatives, possibly due to the current lack of
will also start to investigate the benefits data ecosystems technical guarantees [48]. Most work in this area either
targets rights modeling (e.g., [41, 89, 90]) or assumes op- strates the applicability of cryptographic mechanisms,
eration on trusted infrastructure (e.g., [91, 92]), which e.g., in certificate transparency. To this end, further
rewe argue does not withstand malicious-but-cautions at- search must investigate how these concepts can support
tackers, as applicable to data ecosystems. Given that transparency in data ecosystems, while not creating new
guaranteed policy enforcement is crucial for sharing sen- privacy issues. Finally, the combination of technically
ensitive datasets within data ecosystems, this question still forceable usage control with usage transparency might
needs to be addressed to allow for a wide-spread adoption also be the first step toward sovereign integration of
of data ecosystems. resource-constrained participants (I3).
      </p>
      <p>With cryptographic and technical solutions, the ways
toward stronger guarantees are two-fold and not
straightforward. The discussed cryptographic approaches to- 7. Conclusion
ward stronger guarantees, i.e., providing usage control
and transparency via cryptographic means, implement Today’s data ecosystems facilitate an automated
the strongest protection among the discussed techniques exchange of data in a standardized manner while
simulbut currently either allow only limited expressiveness taneously providing access to huge and heterogeneous
or sufer from a severe performance penalty. Hence, we data sources. Given that these data exchanges and
argue that they are currently not suited for general ap- corresponding higher-level applications across domains
plication in data ecosystems but should be selectively (e.g., in the automotive industry) also frequently deal
applied for the most sensitive datasets, where the named with sensitive information, including business secrets
limitations and overheads are acceptable [40]. and data subject to privacy regulations, data ecosystems
lutNioenesdpfroovriHdeaardtrwuasrtea-nbcahsoerduSnedceurrtihtey.mHaalircdiwouasr-ebsuot-- umnudsetsiirmabplleeemxepnotsurreelioafbsleensmiteivaesudraetsa. tCourprreenvtelyn,tthaensye
cautious attacker model. Moreover, they are less afected measures are mostly based on organizational means,
by performance penalties and eventually allow the same which we argue, fail to provide suficient guarantees in
operations as standard hardware. However, TPMs, as cur- settings with malicious-but-cautious participants, i.e.,
rently envisaged by the IDS [4], cannot provide adequate participants who aim to remain unnoticed while still
protection of sensitive data due to the lacking memory trying to infer all possible information from the data
encryption. Hence, Trusted Execution Environments ecosystem and associated data exchanges.
(TEEs), despite current known side-channel attacks and We raise the crucial issue that today’s data ecosystems
related weaknesses, seem to be a better choice for strong lack appropriate guarantees w.r.t. confidential processing
guarantees regarding data sovereignty expanding to re- on systems operated by third parties, transparency of data
mote systems. access and usage, and the participation of parties with</p>
      <p>With hardware-based TEEs being available for a few no infrastructure under their control (I1–I3). We have
years, the question arises as to why today’s data eco- further surveyed corresponding technical solutions to
systems do not yet implement TEE-based security. One these issues and highlight that they are available but have
reason might be known weaknesses, which need to be not yet been adopted in practice. To this end, we argue
addressed in future designs. However, these weaknesses that the success of data ecosystems directly depends on
do not seem to hinder deployment in further applications, their ability to address the present need for strong data
as, for instance, Microsoft Azure ofers commercial sup- sovereignty of participants. As such, especially modern
port for TEEs in its cloud service [93]. Hence, we argue technical solutions, such as TEEs, promise to provide data
that data ecosystems should consider employing TEEs owners with strong guarantees of correct data handling,
as a measure to enforce data owner’s rights on remote increasing their willingness to participate in available
infrastructure, which would fill the current gap toward data ecosystems.
implementing end-to-end data sovereignty.</p>
      <p>Future Work. These required research eforts mo- Acknowledgments
tivate our call for future work in the domain of data
ecosystems. Regarding the reliable enforcement of us- Funded by the Deutsche Forschungsgemeinschaft
age terms (I1), future work must address tailoring exist- (DFG, German Research Foundation) under Germany’s
ing data protection schemes to data ecosystems. Here, Excellence Strategy – EXC-2023 Internet of Production –
a promising idea seems to employ TEEs as a trust an- 390621612.
chor on remote infrastructure. However, further research
must clarify to which degree current limitations, such as
performance penalties, afect application within data
ecosystems. Subsequently, this can be integrated with
transparency mechanisms (I2) where current work
demon[87] B. Waters, Ciphertext-Policy Attribute-Based En- Boston, MA, 2010, pp. 133–146. doi:10.1007/
cryption: An Expressive, Eficient, and Provably 978-1-4419-6794-7_11.</p>
      <p>Secure Realization, in: D. Hutchison, T. Kanade, [90] Q. H. Cao, M. Giyyarpuram, R. Farahbakhsh,
J. Kittler, J. M. Kleinberg, F. Mattern, J. C. Mitchell, N. Crespi, Policy-based usage control for a
trustM. Naor, O. Nierstrasz, C. Pandu Rangan, B. Stef- worthy data sharing platform in smart cities, Future
fen, M. Sudan, D. Terzopoulos, D. Tygar, M. Y. Generation Computer Systems 107 (2020) 998–1010.
Vardi, G. Weikum, D. Catalano, N. Fazio, R. Gen- doi:10.1016/j.future.2017.05.039.
naro, A. Nicolosi (Eds.), Public Key Cryptogra- [91] F. Cirillo, B. Cheng, R. Porcellana, M. Russo, G.
Solphy – PKC 2011, volume 6571, Springer Berlin maz, H. Sakamoto, S. P. Romano, IntentKeeper:
Heidelberg, Berlin, Heidelberg, 2011, pp. 53–70. Intent-oriented Data Usage Control for Federated
doi:10.1007/978-3-642-19379-8_4. Data Analytics, in: 2020 IEEE 45th Conference
[88] P. Bonatti, S. Kirrane, A. Polleres, R. Wenning, on Local Computer Networks (LCN), IEEE, Sydney,
Transparent Personal Data Processing: The Road NSW, Australia, 2020, pp. 204–215. doi:10.1109/
Ahead, in: S. Tonetta, E. Schoitsch, F. Bitsch LCN48667.2020.9314823.
(Eds.), Computer Safety, Reliability, and Secu- [92] F. Kelbert, A. Pretschner, Data Usage Control for
rity, volume 10489, Springer International Pub- Distributed Systems, ACM Transactions on
Prilishing, Cham, 2017, pp. 337–349. doi:10.1007/ vacy and Security 21 (2018) 1–32. doi:10.1145/
978-3-319-66284-8_28. 3183342.
[89] M. Colombo, A. Lazouski, F. Martinelli, P. Mori, [93] F. Y. Rashid, The rise of confidential computing:
A Proposal on Enhancing XACML with Con- Big tech companies are adopting a new security
tinuous Usage Control Features, in: F. De- model to protect data while it’s in use-[news], IEEE
sprez, V. Getov, T. Priol, R. Yahyapour (Eds.), Spectrum 57 (2020) 8–9.</p>
      <p>Grids, P2P and Services Computing, Springer US,</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          [11]
          <string-name>
            <given-names>Z.</given-names>
            <surname>Du</surname>
          </string-name>
          ,
          <string-name>
            <given-names>C.</given-names>
            <surname>Wu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>T.</given-names>
            <surname>Yoshinaga</surname>
          </string-name>
          ,
          <string-name>
            <surname>K.-L. A. Yau</surname>
            ,
            <given-names>Y.</given-names>
          </string-name>
          <string-name>
            <surname>Ji</surname>
            ,
            <given-names>J.</given-names>
          </string-name>
          <string-name>
            <surname>Li</surname>
          </string-name>
          ,
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          <source>Federated Learning for Vehicular Internet of Things:</source>
          [1]
          <string-name>
            <given-names>J.</given-names>
            <surname>Pennekamp</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Glebke</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Henze</surname>
          </string-name>
          , T. Meisen, Recent Advances and Open Issues, IEEE Open
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          <string-name>
            <given-names>C.</given-names>
            <surname>Quix</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Hai</surname>
          </string-name>
          ,
          <string-name>
            <given-names>L.</given-names>
            <surname>Gleim</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Niemietz</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Rudack</surname>
          </string-name>
          ,
          <source>Journal of the Computer Society</source>
          <volume>1</volume>
          (
          <year>2020</year>
          )
          <fpage>45</fpage>
          -
          <lpage>61</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          <string-name>
            <given-names>S.</given-names>
            <surname>Knape</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Epple</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Trauth</surname>
          </string-name>
          , U. Vroomen, T. Bergs, doi:10.1109/OJCS.
          <year>2020</year>
          .
          <volume>2992630</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          <string-name>
            <given-names>C.</given-names>
            <surname>Brecher</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Buhrig-Polaczek</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Jarke</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K.</given-names>
            <surname>Wehrle</surname>
          </string-name>
          , [12]
          <string-name>
            <surname>M. D.</surname>
          </string-name>
          Wilkinson et al,
          <source>The FAIR Guiding Princi-</source>
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          <string-name>
            <surname>Production</surname>
          </string-name>
          , in: 2019 IEEE International Conference ship,
          <source>Scientific Data</source>
          <volume>3</volume>
          (
          <year>2016</year>
          )
          <article-title>160018</article-title>
          . doi:
          <volume>10</volume>
          .1038/
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          <source>on Industrial Cyber Physical Systems (ICPS)</source>
          , IEEE, sdata.
          <year>2016</year>
          .
          <volume>18</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          <string-name>
            <surname>Taipei</surname>
          </string-name>
          , Taiwan,
          <year>2019</year>
          , pp.
          <fpage>31</fpage>
          -
          <lpage>37</lpage>
          . doi:
          <volume>10</volume>
          .1109/ [13]
          <string-name>
            <given-names>J.</given-names>
            <surname>Gelhaar</surname>
          </string-name>
          ,
          <string-name>
            <given-names>B.</given-names>
            <surname>Otto</surname>
          </string-name>
          , Challenges in the Emergence of
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          <string-name>
            <surname>ICPHYS.</surname>
          </string-name>
          <year>2019</year>
          .
          <volume>8780276</volume>
          . Data Ecosystems, in: Pacific Asia Conference on [2]
          <string-name>
            <given-names>B.</given-names>
            <surname>Otto</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Jarke</surname>
          </string-name>
          ,
          <article-title>Designing a multi-sided data Information Systems (PACIS)</article-title>
          ,
          <year>Dubai</year>
          ,
          <year>2020</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          <article-title>platform: Findings from the International Data [14]</article-title>
          <string-name>
            <given-names>A.</given-names>
            <surname>Braud</surname>
          </string-name>
          ,
          <string-name>
            <given-names>G.</given-names>
            <surname>Fromentoux</surname>
          </string-name>
          ,
          <string-name>
            <given-names>B.</given-names>
            <surname>Radier</surname>
          </string-name>
          ,
          <string-name>
            <given-names>O. Le</given-names>
            <surname>Grand</surname>
          </string-name>
          ,
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          <string-name>
            <surname>Spaces</surname>
            <given-names>case</given-names>
          </string-name>
          ,
          <source>Electronic Markets</source>
          <volume>29</volume>
          (
          <year>2019</year>
          )
          <fpage>561</fpage>
          -
          <lpage>580</lpage>
          . The Road to European Digital Sovereignty with
        </mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>
          <source>doi:10</source>
          .1007/s12525-019-00362-x.
          <article-title>Gaia-X and IDSA</article-title>
          , IEEE Network
          <volume>35</volume>
          (
          <year>2021</year>
          )
          <fpage>4</fpage>
          -
          <lpage>5</lpage>
          . [3]
          <string-name>
            <given-names>B.</given-names>
            <surname>Otto</surname>
          </string-name>
          ,
          <source>Interview with Reinhold Achatz on “Data doi:10</source>
          .1109/MNET.
          <year>2021</year>
          .
          <volume>9387709</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref13">
        <mixed-citation>
          <string-name>
            <surname>Sovereignty</surname>
            and Data Ecosystems”, Business &amp; [15]
            <given-names>M. I. S.</given-names>
          </string-name>
          <string-name>
            <surname>Oliveira</surname>
            ,
            <given-names>B. F.</given-names>
          </string-name>
          <string-name>
            <surname>Lóscio</surname>
          </string-name>
          ,
          <article-title>What is a data</article-title>
        </mixed-citation>
      </ref>
      <ref id="ref14">
        <mixed-citation>
          <source>Information Systems Engineering</source>
          <volume>61</volume>
          (
          <year>2019</year>
          )
          <fpage>635</fpage>
          -
          <lpage>ecosystem</lpage>
          ?,
          <source>in: Proceedings of the 19th Annual</source>
        </mixed-citation>
      </ref>
      <ref id="ref15">
        <mixed-citation>
          636. doi:
          <volume>10</volume>
          .1007/s12599-019-00609-z. International Conference on Digital Government [4]
          <string-name>
            <given-names>B.</given-names>
            <surname>Otto</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Steinbuss</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Teuscher</surname>
          </string-name>
          , S. Lohmann et Research:
          <article-title>Governance in the Data Age</article-title>
          , ACM,
        </mixed-citation>
      </ref>
      <ref id="ref16">
        <mixed-citation>
          al.,
          <source>IDS Reference Architecture Model (Version 3.0)</source>
          , Delft The Netherlands,
          <year>2018</year>
          , pp.
          <fpage>1</fpage>
          -
          <lpage>9</lpage>
          . doi:
          <volume>10</volume>
          .1145/
        </mixed-citation>
      </ref>
      <ref id="ref17">
        <mixed-citation>
          <year>2019</year>
          .
          <volume>3209281</volume>
          .3209335. [5]
          <string-name>
            <surname>Gaia-X Technical Committee</surname>
          </string-name>
          ,
          <string-name>
            <surname>Gaia-X Architecture</surname>
            [16]
            <given-names>P.</given-names>
          </string-name>
          <string-name>
            <surname>Hummel</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          <string-name>
            <surname>Braun</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          <string-name>
            <surname>Tretter</surname>
          </string-name>
          , P. Dabrock,
        </mixed-citation>
      </ref>
      <ref id="ref18">
        <mixed-citation>
          <string-name>
            <surname>Document</surname>
          </string-name>
          ,
          <year>2021</year>
          .
          <article-title>Data sovereignty: A review, Big Data</article-title>
          &amp; So[6]
          <string-name>
            <given-names>D.</given-names>
            <surname>Froelicher</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Egger</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J. S.</given-names>
            <surname>Sousa</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J. L.</given-names>
            <surname>Raisaro</surname>
          </string-name>
          , ciety
          <volume>8</volume>
          (
          <year>2021</year>
          )
          <article-title>205395172098201</article-title>
          . doi:
          <volume>10</volume>
          .1177/
        </mixed-citation>
      </ref>
      <ref id="ref19">
        <mixed-citation>
          <string-name>
            <given-names>Z.</given-names>
            <surname>Huang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>C.</given-names>
            <surname>Mouchet</surname>
          </string-name>
          ,
          <string-name>
            <given-names>B.</given-names>
            <surname>Ford</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.-P.</given-names>
            <surname>Hubaux</surname>
          </string-name>
          , UnL-
          <volume>2053951720982012</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref20">
        <mixed-citation>
          <article-title>ynx: A Decentralized System for Privacy-</article-title>
          Conscious [17]
          <string-name>
            <given-names>M.</given-names>
            <surname>Schanzenbach</surname>
          </string-name>
          , Towards Self-sovereign, Decen-
        </mixed-citation>
      </ref>
      <ref id="ref21">
        <mixed-citation>
          <source>Technologies</source>
          <year>2017</year>
          (
          <year>2017</year>
          )
          <fpage>232</fpage>
          -
          <lpage>250</lpage>
          . doi:
          <volume>10</volume>
          .1515/ agement,
          <source>Ph.D. thesis</source>
          ,
          <year>2020</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref22">
        <mixed-citation>
          <string-name>
            <surname>popets-</surname>
          </string-name>
          2017-
          <volume>0047</volume>
          . [18]
          <string-name>
            <given-names>V.</given-names>
            <surname>Pedreira</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Barros</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Pinto</surname>
          </string-name>
          , A Review of At[7]
          <string-name>
            <given-names>D.</given-names>
            <surname>McCabe</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Satariano</surname>
          </string-name>
          ,
          <article-title>The Era of Borderless tacks</article-title>
          ,
          <source>Vulnerabilities, and Defenses in Industry 4</source>
          .
          <fpage>0</fpage>
        </mixed-citation>
      </ref>
      <ref id="ref23">
        <mixed-citation>
          <string-name>
            <surname>Data is Ending</surname>
          </string-name>
          , New York Times (
          <year>2022</year>
          ).
          <article-title>with New Challenges on Data Sovereignty Ahead</article-title>
          , [8]
          <string-name>
            <given-names>L.</given-names>
            <surname>Bader</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Pennekamp</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Matzutt</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Hedderich</surname>
          </string-name>
          , Sensors
          <volume>21</volume>
          (
          <year>2021</year>
          )
          <article-title>5189</article-title>
          . doi:
          <volume>10</volume>
          .3390/s21155189.
        </mixed-citation>
      </ref>
      <ref id="ref24">
        <mixed-citation>
          <string-name>
            <given-names>M.</given-names>
            <surname>Kowalski</surname>
          </string-name>
          ,
          <string-name>
            <given-names>V.</given-names>
            <surname>Lücken</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K.</given-names>
            <surname>Wehrle</surname>
          </string-name>
          , Blockchain- [19]
          <string-name>
            <given-names>S.</given-names>
            <surname>Couture</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Toupin</surname>
          </string-name>
          ,
          <article-title>What does the notion of</article-title>
        </mixed-citation>
      </ref>
      <ref id="ref25">
        <mixed-citation>
          <article-title>porting lightweight multi-hop information ac-</article-title>
          <source>New Media &amp; Society</source>
          <volume>21</volume>
          (
          <year>2019</year>
          )
          <fpage>2305</fpage>
          -
          <lpage>2322</lpage>
          . doi:10.
        </mixed-citation>
      </ref>
      <ref id="ref26">
        <mixed-citation>
          <string-name>
            <surname>countability</surname>
          </string-name>
          ,
          <source>Information Processing &amp; Manage- 1177/1461444819865984.</source>
        </mixed-citation>
      </ref>
      <ref id="ref27">
        <mixed-citation>
          <source>ment 58</source>
          (
          <year>2021</year>
          )
          <article-title>102529</article-title>
          . doi:
          <volume>10</volume>
          .1016/j.ipm.
          <year>2021</year>
          . [20]
          <string-name>
            <given-names>K.</given-names>
            <surname>Irion</surname>
          </string-name>
          , Government Cloud Computing and Na-
        </mixed-citation>
      </ref>
      <ref id="ref28">
        <mixed-citation>
          102529. tional Data Sovereignty: Government Cloud Com[9]
          <string-name>
            <given-names>H.</given-names>
            <surname>Ma</surname>
          </string-name>
          , R. Zhang,
          <string-name>
            <given-names>G.</given-names>
            <surname>Yang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Z.</given-names>
            <surname>Song</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K.</given-names>
            <surname>He</surname>
          </string-name>
          ,
          <string-name>
            <surname>Y.</surname>
          </string-name>
          <article-title>Xiao, puting and National Data Sovereignty</article-title>
          , Policy &amp;
        </mixed-citation>
      </ref>
      <ref id="ref29">
        <mixed-citation>
          <string-name>
            <surname>Eficient</surname>
          </string-name>
          Fine-Grained
          <source>Data Sharing Mechanism Internet</source>
          <volume>4</volume>
          (
          <year>2012</year>
          )
          <fpage>40</fpage>
          -
          <lpage>71</lpage>
          . doi:
          <volume>10</volume>
          .1002/poi3.
          <fpage>10</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref30">
        <mixed-citation>
          <source>for Electronic Medical Record Systems with Mo</source>
          <volume>-</volume>
          [21]
          <string-name>
            <given-names>S. R.</given-names>
            <surname>Bader</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Maleshkova</surname>
          </string-name>
          , SOLIOT-Decentralized
        </mixed-citation>
      </ref>
      <ref id="ref31">
        <mixed-citation>
          <source>and Secure Computing</source>
          <volume>17</volume>
          (
          <year>2020</year>
          )
          <fpage>1026</fpage>
          -
          <lpage>1038</lpage>
          . doi:10. net 12 (
          <year>2020</year>
          )
          <article-title>105</article-title>
          . doi:
          <volume>10</volume>
          .3390/fi12060105.
        </mixed-citation>
      </ref>
      <ref id="ref32">
        <mixed-citation>
          1109/TDSC.
          <year>2018</year>
          .
          <volume>2844814</volume>
          . [22]
          <string-name>
            <given-names>Data</given-names>
            <surname>Sharing Coalition</surname>
          </string-name>
          , https: [10]
          <string-name>
            <given-names>A.</given-names>
            <surname>Appenzeller</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Bartholomaus</surname>
          </string-name>
          , R. Breitschwerdt, //datasharingcoalition.eu/
        </mixed-citation>
      </ref>
      <ref id="ref33">
        <mixed-citation>
          <string-name>
            <given-names>C.</given-names>
            <surname>Claussen</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Geisler</surname>
          </string-name>
          ,
          <string-name>
            <given-names>T.</given-names>
            <surname>Hartz</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Kachel</surname>
          </string-name>
          ,
          <string-name>
            <surname>E.</surname>
          </string-name>
          <article-title>Krem- about-the-data-sharing-</article-title>
          <string-name>
            <surname>coalition</surname>
            <given-names>/</given-names>
          </string-name>
          ,
          <year>2022</year>
          . Ac-
        </mixed-citation>
      </ref>
      <ref id="ref34">
        <mixed-citation>
          <string-name>
            <surname>pel</surname>
            , S. Robert,
            <given-names>S. R.</given-names>
          </string-name>
          <string-name>
            <surname>Zeissig</surname>
          </string-name>
          , Towards Distributed cessed
          <year>2022</year>
          -
          <volume>08</volume>
          -09.
        </mixed-citation>
      </ref>
      <ref id="ref35">
        <mixed-citation>
          <string-name>
            <surname>Healthcare Systems - Virtual Data</surname>
          </string-name>
          Pooling Between [23] IHAN, https://ihan.fi/,
          <source>2022. Accessed</source>
          <year>2022</year>
          -
          <volume>08</volume>
          -09.
        </mixed-citation>
      </ref>
      <ref id="ref36">
        <mixed-citation>
          <article-title>Cancer Registries as Backbone of Care</article-title>
          and Re- [24]
          <string-name>
            <given-names>F.</given-names>
            <surname>Cirillo</surname>
          </string-name>
          ,
          <string-name>
            <given-names>G.</given-names>
            <surname>Solmaz</surname>
          </string-name>
          ,
          <string-name>
            <given-names>E. L.</given-names>
            <surname>Berz</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Bauer</surname>
          </string-name>
          , B. Cheng,
        </mixed-citation>
      </ref>
      <ref id="ref37">
        <mixed-citation>
          search, in: 2021 IEEE/ACS 18th International
          <string-name>
            <surname>Con- E. Kovacs</surname>
            ,
            <given-names>A</given-names>
          </string-name>
          <string-name>
            <surname>Standard-Based Open</surname>
          </string-name>
          Source IoT
        </mixed-citation>
      </ref>
      <ref id="ref38">
        <mixed-citation>
          <source>(AICCSA)</source>
          , IEEE, Tangier, Morocco,
          <year>2021</year>
          , pp.
          <fpage>1</fpage>
          -
          <lpage>8</lpage>
          . azine 2 (
          <year>2019</year>
          )
          <fpage>12</fpage>
          -
          <lpage>18</lpage>
          . doi:
          <volume>10</volume>
          .1109/IOTM.0001.
        </mixed-citation>
      </ref>
      <ref id="ref39">
        <mixed-citation>
          <source>doi:10.1109/AICCSA53542</source>
          .
          <year>2021</year>
          .
          <volume>9686918</volume>
          . 1800022. [25]
          <string-name>
            <given-names>CEF</given-names>
            <surname>Digital</surname>
          </string-name>
          , https://ec.europa.eu/cefdigital/wiki/ Kingdom,
          <year>2019</year>
          , pp.
          <fpage>45</fpage>
          -
          <lpage>56</lpage>
          . doi:
          <volume>10</volume>
          .1145/3338469.
        </mixed-citation>
      </ref>
      <ref id="ref40">
        <mixed-citation>
          display/CEFDIGITAL/CEF+Digital+Home,
          <year>2022</year>
          .
          <volume>3358944</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref41">
        <mixed-citation>
          <string-name>
            <surname>Accessed</surname>
          </string-name>
          2022-
          <volume>08</volume>
          -09. [39]
          <string-name>
            <given-names>S.</given-names>
            <surname>Malik</surname>
          </string-name>
          ,
          <string-name>
            <given-names>N.</given-names>
            <surname>Gupta</surname>
          </string-name>
          ,
          <string-name>
            <given-names>V.</given-names>
            <surname>Dedeoglu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S. S.</given-names>
            <surname>Kanhere</surname>
          </string-name>
          , R. Jur[26]
          <string-name>
            <given-names>Big</given-names>
            <surname>Data Value Association</surname>
          </string-name>
          , https://www.bdva.eu/, dak, TradeChain: Decoupling Traceability and Iden-
        </mixed-citation>
      </ref>
      <ref id="ref42">
        <mixed-citation>
          2022. Accessed 2022-
          <volume>08</volume>
          -09. tity in Blockchain enabled Supply Chains (
          <year>2021</year>
          ).
          <source>[27] ETSI GR CIM 007 V1.1</source>
          .1: Security and Privacy, Tech- doi:10.48550/ARXIV.2105.11217.
        </mixed-citation>
      </ref>
      <ref id="ref43">
        <mixed-citation>
          <source>nical Report</source>
          , France,
          <year>2022</year>
          . [40]
          <string-name>
            <given-names>D.</given-names>
            <surname>Froelicher</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J. R.</given-names>
            <surname>Troncoso-Pastoriza</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J. L.</given-names>
            <surname>Rais</surname>
          </string-name>
          [28]
          <string-name>
            <given-names>O.</given-names>
            <surname>Voß</surname>
          </string-name>
          , Catena-X:
          <article-title>Datenstandards für die Auto- aro, M. A</article-title>
          .
          <string-name>
            <surname>Cuendet</surname>
            ,
            <given-names>J. S.</given-names>
          </string-name>
          <string-name>
            <surname>Sousa</surname>
            ,
            <given-names>H.</given-names>
          </string-name>
          <string-name>
            <surname>Cho</surname>
            ,
            <given-names>B.</given-names>
          </string-name>
          <string-name>
            <surname>Berger</surname>
          </string-name>
          ,
        </mixed-citation>
      </ref>
      <ref id="ref44">
        <mixed-citation>
          &amp;
          <string-name>
            <surname>KI</surname>
          </string-name>
          (
          <year>2021</year>
          ).
          <article-title>Federated Analytics for Precision Medicine with [29] Á</article-title>
          .
          <string-name>
            <surname>Alonso</surname>
            ,
            <given-names>A.</given-names>
          </string-name>
          <string-name>
            <surname>Pozo</surname>
            ,
            <given-names>J.</given-names>
          </string-name>
          <string-name>
            <surname>Cantera</surname>
          </string-name>
          , F. de la Vega, J. Hi- Multiparty Homomorphic Encryption, Preprint,
        </mixed-citation>
      </ref>
      <ref id="ref45">
        <mixed-citation>
          <string-name>
            <surname>erro</surname>
          </string-name>
          ,
          <source>Industrial Data Space Architecture Imple- Bioinformatics</source>
          ,
          <year>2021</year>
          . doi:
          <volume>10</volume>
          .1101/
          <year>2021</year>
          .02.24.
        </mixed-citation>
      </ref>
      <ref id="ref46">
        <mixed-citation>
          <string-name>
            <surname>mentation Using</surname>
            <given-names>FIWARE</given-names>
          </string-name>
          ,
          <source>Sensors</source>
          <volume>18</volume>
          (
          <year>2018</year>
          )
          <volume>2226</volume>
          .
          <fpage>432489</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref47">
        <mixed-citation>
          <source>doi:10</source>
          .3390/s18072226. [41]
          <string-name>
            <given-names>J.</given-names>
            <surname>Park</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Sandhu</surname>
          </string-name>
          ,
          <source>The UCON ABC usage control</source>
          [30]
          <string-name>
            <given-names>N.</given-names>
            <surname>Menz</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Resetko</surname>
          </string-name>
          ,
          <string-name>
            <given-names>B.</given-names>
            <surname>Otto</surname>
          </string-name>
          ,
          <article-title>Framework for the IDS model</article-title>
          ,
          <source>ACM Transactions on Information and</source>
        </mixed-citation>
      </ref>
      <ref id="ref48">
        <mixed-citation>
          <source>Certification Scheme 2.0</source>
          ,
          <string-name>
            <surname>Technical</surname>
            <given-names>Report</given-names>
          </string-name>
          , IDSA,
          <source>System Security</source>
          <volume>7</volume>
          (
          <year>2004</year>
          )
          <fpage>128</fpage>
          -
          <lpage>174</lpage>
          . doi:
          <volume>10</volume>
          .1145/
        </mixed-citation>
      </ref>
      <ref id="ref49">
        <mixed-citation>
          2019. doi:
          <volume>10</volume>
          .5281/ZENODO.5244858. 984334.984339. [31]
          <string-name>
            <given-names>CEN</given-names>
            <surname>European</surname>
          </string-name>
          <article-title>Committee for Standardization</article-title>
          , In- [42]
          <string-name>
            <given-names>M.</given-names>
            <surname>Hilty</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Basin</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Pretschner</surname>
          </string-name>
          , On Obligations,
        </mixed-citation>
      </ref>
      <ref id="ref50">
        <mixed-citation>
          <source>ments (ISO/IEC 27001:2013 including Cor</source>
          <volume>1</volume>
          :2014 strasz, C. Pandu
          <string-name>
            <surname>Rangan</surname>
            ,
            <given-names>B.</given-names>
          </string-name>
          <string-name>
            <surname>Stefen</surname>
          </string-name>
          , M. Sudan,
        </mixed-citation>
      </ref>
      <ref id="ref51">
        <mixed-citation>
          <source>and Cor</source>
          <volume>2</volume>
          :
          <year>2015</year>
          ),
          <year>2017</year>
          . D.
          <string-name>
            <surname>Terzopoulos</surname>
            ,
            <given-names>D.</given-names>
          </string-name>
          <string-name>
            <surname>Tygar</surname>
            ,
            <given-names>M. Y.</given-names>
          </string-name>
          <string-name>
            <surname>Vardi</surname>
            , G. Weikum, [32]
            <given-names>A.</given-names>
          </string-name>
          <string-name>
            <surname>Pretschner</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          <string-name>
            <surname>Hilty</surname>
            ,
            <given-names>F.</given-names>
          </string-name>
          <string-name>
            <surname>Schütz</surname>
            ,
            <given-names>C.</given-names>
          </string-name>
          <string-name>
            <surname>Schaefer</surname>
          </string-name>
          , S. d. C. di
          <string-name>
            <surname>Vimercati</surname>
            ,
            <given-names>P.</given-names>
          </string-name>
          <string-name>
            <surname>Syverson</surname>
          </string-name>
          , D. Gollmann
        </mixed-citation>
      </ref>
      <ref id="ref52">
        <mixed-citation>
          <string-name>
            <given-names>T.</given-names>
            <surname>Walter</surname>
          </string-name>
          , Usage Control Enforcement: Present (Eds.),
          <source>Computer Security - ESORICS</source>
          <year>2005</year>
          , volume
        </mixed-citation>
      </ref>
      <ref id="ref53">
        <mixed-citation>
          <source>and Future, IEEE Security &amp; Privacy Magazine 6 3679</source>
          , Springer Berlin Heidelberg, Berlin, Heidel-
        </mixed-citation>
      </ref>
      <ref id="ref54">
        <mixed-citation>
          (
          <year>2008</year>
          )
          <fpage>44</fpage>
          -
          <lpage>53</lpage>
          . doi:
          <volume>10</volume>
          .1109/MSP.
          <year>2008</year>
          .
          <volume>101</volume>
          . berg,
          <year>2005</year>
          , pp.
          <fpage>98</fpage>
          -
          <lpage>117</lpage>
          . doi:
          <volume>10</volume>
          .1007/11555827_ [33]
          <string-name>
            <given-names>R.</given-names>
            <surname>Ianella</surname>
          </string-name>
          ,
          <article-title>Open digital rights language (ODRL), 7</article-title>
          .
        </mixed-citation>
      </ref>
      <ref id="ref55">
        <mixed-citation>
          <string-name>
            <given-names>Open</given-names>
            <surname>Content Licensing</surname>
          </string-name>
          : Cultivating the Creative [43]
          <string-name>
            <given-names>M.</given-names>
            <surname>Hilty</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Pretschner</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Basin</surname>
          </string-name>
          , C. Schaefer,
        </mixed-citation>
      </ref>
      <ref id="ref56">
        <mixed-citation>
          <string-name>
            <surname>Commons</surname>
          </string-name>
          (
          <year>2007</year>
          ). T.
          <string-name>
            <surname>Walter</surname>
            ,
            <given-names>A Policy</given-names>
          </string-name>
          <string-name>
            <surname>Language for Distributed Us</surname>
            [34]
            <given-names>A.</given-names>
          </string-name>
          <string-name>
            <surname>Duisberg</surname>
          </string-name>
          ,
          <article-title>Legal Aspects of IDS: Data Sovereignty age Control</article-title>
          , in: D.
          <string-name>
            <surname>Hutchison</surname>
            ,
            <given-names>T.</given-names>
          </string-name>
          <string-name>
            <surname>Kanade</surname>
          </string-name>
          , J. Kit-
        </mixed-citation>
      </ref>
      <ref id="ref57">
        <mixed-citation>
          <string-name>
            <surname>Springer</surname>
          </string-name>
          ,
          <year>2022</year>
          . M.
          <string-name>
            <surname>Naor</surname>
            ,
            <given-names>O.</given-names>
          </string-name>
          <string-name>
            <surname>Nierstrasz</surname>
            ,
            <given-names>C.</given-names>
          </string-name>
          <string-name>
            <surname>Pandu Rangan</surname>
            ,
            <given-names>B.</given-names>
          </string-name>
          <string-name>
            <surname>Stefen</surname>
          </string-name>
          , [35]
          <string-name>
            <surname>M. D. Ryan</surname>
          </string-name>
          ,
          <string-name>
            <surname>Enhanced Certificate Transparency M. Sudan</surname>
            ,
            <given-names>D.</given-names>
          </string-name>
          <string-name>
            <surname>Terzopoulos</surname>
            ,
            <given-names>D.</given-names>
          </string-name>
          <string-name>
            <surname>Tygar</surname>
          </string-name>
          , M. Y. Vardi,
        </mixed-citation>
      </ref>
      <ref id="ref58">
        <mixed-citation>
          <article-title>2014 Network and Distributed System Security Security - ESORICS</article-title>
          <year>2007</year>
          , volume
          <volume>4734</volume>
          , Springer
        </mixed-citation>
      </ref>
      <ref id="ref59">
        <mixed-citation>
          <string-name>
            <surname>Symposium</surname>
          </string-name>
          , Internet Society, San Diego, CA,
          <year>2014</year>
          . Berlin Heidelberg, Berlin, Heidelberg,
          <year>2007</year>
          , pp.
          <fpage>531</fpage>
          -
        </mixed-citation>
      </ref>
      <ref id="ref60">
        <mixed-citation>
          <source>doi:10</source>
          .14722/ndss.
          <year>2014</year>
          .
          <volume>23379</volume>
          . 546. doi:
          <volume>10</volume>
          .1007/978-3-
          <fpage>540</fpage>
          -74835-9_
          <fpage>35</fpage>
          . [36]
          <string-name>
            <given-names>L.</given-names>
            <surname>kacha</surname>
          </string-name>
          , A.
          <string-name>
            <surname>Zitouni</surname>
            , An Overview on [44]
            <given-names>F.</given-names>
          </string-name>
          <string-name>
            <surname>Kelbert</surname>
            ,
            <given-names>A.</given-names>
          </string-name>
          <string-name>
            <surname>Pretschner</surname>
          </string-name>
          ,
          <article-title>Data usage control en-</article-title>
        </mixed-citation>
      </ref>
      <ref id="ref61">
        <mixed-citation>
          <source>ume 661</source>
          ,
          <year>2018</year>
          , pp.
          <fpage>250</fpage>
          -
          <lpage>261</lpage>
          . doi:
          <volume>10</volume>
          .1007/ ings of the
          <source>Third ACM Conference on Data and</source>
        </mixed-citation>
      </ref>
      <ref id="ref62">
        <mixed-citation>
          978-3-
          <fpage>319</fpage>
          -67618-0_
          <fpage>23</fpage>
          . arXiv:
          <year>1812</year>
          .09053. Application Security and Privacy - CODASPY '
          <fpage>13</fpage>
          , [37]
          <string-name>
            <given-names>H.</given-names>
            <surname>Lei</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Yan</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Z.</given-names>
            <surname>Bao</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Q.</given-names>
            <surname>Wang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Zhang</surname>
          </string-name>
          , W. Shi, ACM Press, San Antonio, Texas, USA,
          <year>2013</year>
          , p.
          <fpage>71</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref63">
        <mixed-citation>
          <string-name>
            <surname>SDSBT: A Secure Multi-party Data Sharing</surname>
          </string-name>
          Plat- doi:10.1145/2435349.2435358.
        </mixed-citation>
      </ref>
      <ref id="ref64">
        <mixed-citation>
          <source>form Based on Blockchain and TEE</source>
          , in: J. Cheng, [45]
          <string-name>
            <given-names>F.</given-names>
            <surname>Kelbert</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Pretschner</surname>
          </string-name>
          , A Fully Decentralized
        </mixed-citation>
      </ref>
      <ref id="ref65">
        <mixed-citation>
          <string-name>
            <surname>curity</surname>
          </string-name>
          , volume
          <volume>12653</volume>
          , Springer International Pub- T. Malkin,
          <string-name>
            <given-names>V.</given-names>
            <surname>Kolesnikov</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A. B.</given-names>
            <surname>Lewko</surname>
          </string-name>
          , M. Polychron-
        </mixed-citation>
      </ref>
      <ref id="ref66">
        <mixed-citation>
          <string-name>
            <surname>lishing</surname>
          </string-name>
          , Cham,
          <year>2021</year>
          , pp.
          <fpage>184</fpage>
          -
          <lpage>196</lpage>
          . doi:
          <volume>10</volume>
          .1007/ akis (Eds.), Applied Cryptography and Network
        </mixed-citation>
      </ref>
      <ref id="ref67">
        <mixed-citation>
          978-3-
          <fpage>030</fpage>
          -73671-2_
          <fpage>17</fpage>
          .
          <string-name>
            <surname>Security</surname>
          </string-name>
          , volume
          <volume>9092</volume>
          , Springer International Pub[38]
          <string-name>
            <given-names>F.</given-names>
            <surname>Boemer</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Costache</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Cammarota</surname>
          </string-name>
          , C. Wierzyn- lishing, Cham,
          <year>2015</year>
          , pp.
          <fpage>409</fpage>
          -
          <lpage>430</lpage>
          . doi:
          <volume>10</volume>
          .1007/
        </mixed-citation>
      </ref>
      <ref id="ref68">
        <mixed-citation>
          <string-name>
            <surname>ski</surname>
          </string-name>
          , nGraph-
          <fpage>HE2</fpage>
          :
          <string-name>
            <given-names>A</given-names>
            <surname>High-Throughput Framework</surname>
          </string-name>
          978-3-
          <fpage>319</fpage>
          -28166-7_
          <fpage>20</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref69">
        <mixed-citation>
          <source>for Neural Network Inference on Encrypted Data</source>
          , [46]
          <string-name>
            <given-names>I.</given-names>
            <surname>Akaichi</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Kirrane</surname>
          </string-name>
          ,
          <string-name>
            <surname>Usage Control</surname>
          </string-name>
          Specifi-
        </mixed-citation>
      </ref>
      <ref id="ref70">
        <mixed-citation>
          <source>in: Proceedings of the 7th ACM Workshop on En- cation</source>
          , Enforcement, and
          <string-name>
            <surname>Robustness</surname>
          </string-name>
          : A Survey,
        </mixed-citation>
      </ref>
      <ref id="ref71">
        <mixed-citation>
          <source>crypted Computing &amp; Applied Homomorphic Cryp- arXiv:2203</source>
          .04800 [cs] (
          <year>2022</year>
          ). arXiv:
          <volume>2203</volume>
          .
          <fpage>04800</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref72">
        <mixed-citation>
          <source>tography - WAHC'19</source>
          , ACM Press, London, United [47]
          <string-name>
            <given-names>S.</given-names>
            <surname>Steinbuss</surname>
          </string-name>
          , et. al, Usage Control in the Interna-
        </mixed-citation>
      </ref>
      <ref id="ref73">
        <mixed-citation>
          <string-name>
            <surname>tional Data</surname>
            <given-names>Spaces</given-names>
          </string-name>
          ,
          <year>2021</year>
          . [69]
          <string-name>
            <given-names>N. L.</given-names>
            <surname>Weisweiler</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Bertelmann</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Braesicke</surname>
          </string-name>
          , Education Material, in: 2020 International Con-
        </mixed-citation>
      </ref>
      <ref id="ref74">
        <mixed-citation>
          <string-name>
            <surname>gle</surname>
            ,
            <given-names>Y.</given-names>
          </string-name>
          <string-name>
            <surname>Sure-Vetter</surname>
            ,
            <given-names>N.</given-names>
          </string-name>
          <string-name>
            <surname>Villacorta</surname>
          </string-name>
          , Helmholtz Open Barcelona, Spain,
          <year>2020</year>
          , pp.
          <fpage>529</fpage>
          -
          <lpage>534</lpage>
          . doi:
          <volume>10</volume>
          .1109/
        </mixed-citation>
      </ref>
      <ref id="ref75">
        <mixed-citation>
          <source>Science Briefing: Helmholtz in der Nationalen ICOIN48656</source>
          .
          <year>2020</year>
          .
          <volume>9016478</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref76">
        <mixed-citation>
          <string-name>
            <surname>Forschungsdateninfrastruktur (NFDI): Report</surname>
            des [78]
            <given-names>C.</given-names>
          </string-name>
          <string-name>
            <surname>Huang</surname>
            ,
            <given-names>D.</given-names>
          </string-name>
          <string-name>
            <surname>Liu</surname>
            ,
            <given-names>J.</given-names>
          </string-name>
          <string-name>
            <surname>Ni</surname>
            ,
            <given-names>R.</given-names>
          </string-name>
          <string-name>
            <surname>Lu</surname>
            ,
            <given-names>X.</given-names>
          </string-name>
          <string-name>
            <surname>Shen</surname>
          </string-name>
          , Achieving
        </mixed-citation>
      </ref>
      <ref id="ref77">
        <mixed-citation>
          <string-name>
            <surname>port</surname>
          </string-name>
          , Helmholtz Open Science Ofice,
          <year>2021</year>
          . doi: 10. trial Internet of Things, IEEE Transactions on In-
        </mixed-citation>
      </ref>
      <ref id="ref78">
        <mixed-citation>
          <source>48440/OS.HELMHOLTZ.030. dustrial Informatics</source>
          <volume>17</volume>
          (
          <year>2021</year>
          )
          <fpage>1416</fpage>
          -
          <lpage>1427</lpage>
          . doi:10. [70]
          <string-name>
            <given-names>J.</given-names>
            <surname>Scheibner</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J. L.</given-names>
            <surname>Raisaro</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J. R.</given-names>
            <surname>Troncoso-Pastoriza</surname>
          </string-name>
          , 1109/TII.
          <year>2020</year>
          .
          <volume>2982942</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref79">
        <mixed-citation>
          <string-name>
            <given-names>M.</given-names>
            <surname>Ienca</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Fellay</surname>
          </string-name>
          ,
          <string-name>
            <given-names>E.</given-names>
            <surname>Vayena</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.-P.</given-names>
            <surname>Hubaux</surname>
          </string-name>
          , Revo- [79]
          <string-name>
            <given-names>J.</given-names>
            <surname>Shen</surname>
          </string-name>
          ,
          <string-name>
            <given-names>T.</given-names>
            <surname>Zhou</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>He</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Zhang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>X.</given-names>
            <surname>Sun</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y.</given-names>
            <surname>Xiang</surname>
          </string-name>
          ,
        </mixed-citation>
      </ref>
      <ref id="ref80">
        <mixed-citation>
          <string-name>
            <given-names>and Ethical</given-names>
            <surname>Synthesis</surname>
          </string-name>
          ,
          <source>Journal of Medical Internet on Dependable and Secure Computing</source>
          <volume>16</volume>
          (
          <year>2019</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref81">
        <mixed-citation>
          <source>Research</source>
          <volume>23</volume>
          (
          <year>2021</year>
          )
          <article-title>e25120</article-title>
          . doi:
          <volume>10</volume>
          .2196/25120.
          <fpage>996</fpage>
          -
          <lpage>1010</lpage>
          . doi:
          <volume>10</volume>
          .1109/TDSC.
          <year>2017</year>
          .
          <volume>2725953</volume>
          . [71]
          <string-name>
            <given-names>R.</given-names>
            <surname>Matzutt</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Müllmann</surname>
          </string-name>
          ,
          <string-name>
            <given-names>E.-M.</given-names>
            <surname>Zeissig</surname>
          </string-name>
          , C. Horst, [80]
          <string-name>
            <given-names>A.</given-names>
            <surname>Fromm</surname>
          </string-name>
          ,
          <string-name>
            <given-names>V.</given-names>
            <surname>Stepa</surname>
          </string-name>
          , HDFT++ Hybrid Data Flow
        </mixed-citation>
      </ref>
      <ref id="ref82">
        <mixed-citation>
          <string-name>
            <given-names>K.</given-names>
            <surname>Kasugai</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Lidynia</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Wieninger</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J. H.</given-names>
            <surname>Ziegel- Tracking for SaaS Cloud</surname>
          </string-name>
          <article-title>Services</article-title>
          , in: 2017 IEEE 4th
        </mixed-citation>
      </ref>
      <ref id="ref83">
        <mixed-citation>
          <source>controlled Ecosystem for Sharing Personal Data USA</source>
          ,
          <year>2017</year>
          , pp.
          <fpage>333</fpage>
          -
          <lpage>338</lpage>
          . doi:
          <volume>10</volume>
          .1109/CSCloud.
        </mixed-citation>
      </ref>
      <ref id="ref84">
        <mixed-citation>
          (
          <year>2017</year>
          ). doi:
          <volume>10</volume>
          .18420/IN2017_
          <fpage>109</fpage>
          .
          <year>2017</year>
          .
          <volume>9</volume>
          . [72]
          <string-name>
            <given-names>H.</given-names>
            <surname>Baars</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Tank</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Weber</surname>
          </string-name>
          , H.-G. Kemper, H. Lasi, [81]
          <string-name>
            <given-names>Z.</given-names>
            <surname>Qin</surname>
          </string-name>
          ,
          <string-name>
            <given-names>H.</given-names>
            <surname>Xiong</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Wu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Batamuliza</surname>
          </string-name>
          , A Survey
        </mixed-citation>
      </ref>
      <ref id="ref85">
        <mixed-citation>
          <string-name>
            <surname>Ecosystems</surname>
          </string-name>
          ,
          <source>Applied Sciences</source>
          <volume>11</volume>
          (
          <year>2021</year>
          )
          <fpage>7547</fpage>
          .
          <string-name>
            <surname>Computing</surname>
          </string-name>
          (
          <year>2016</year>
          )
          <fpage>1</fpage>
          -
          <lpage>1</lpage>
          . doi:
          <volume>10</volume>
          .1109/TSC.
          <year>2016</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref86">
        <mixed-citation>
          <source>doi:10.3390/app11167547</source>
          .
          <fpage>2551238</fpage>
          . [73]
          <string-name>
            <given-names>A. L.</given-names>
            <surname>Marra</surname>
          </string-name>
          ,
          <string-name>
            <given-names>F.</given-names>
            <surname>Martinelli</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Mori</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Saracino</surname>
          </string-name>
          , [82]
          <string-name>
            <given-names>T.</given-names>
            <surname>Pasquier</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Bacon</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Singh</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Eyers</surname>
          </string-name>
          , Data-
        </mixed-citation>
      </ref>
      <ref id="ref87">
        <mixed-citation>
          <source>dustrial Internet of Things</source>
          , in: C.
          <string-name>
            <surname>Alcaraz</surname>
          </string-name>
          (Ed.),
          <source>Proceedings of the 21st ACM on Symposium on</source>
        </mixed-citation>
      </ref>
      <ref id="ref88">
        <mixed-citation>
          <source>Internet of Things</source>
          , Springer International Pub- Shanghai China,
          <year>2016</year>
          , pp.
          <fpage>81</fpage>
          -
          <lpage>88</lpage>
          . doi:
          <volume>10</volume>
          .1145/
        </mixed-citation>
      </ref>
      <ref id="ref89">
        <mixed-citation>
          <string-name>
            <surname>lishing</surname>
          </string-name>
          , Cham,
          <year>2019</year>
          , pp.
          <fpage>115</fpage>
          -
          <lpage>135</lpage>
          . doi:
          <volume>10</volume>
          .1007/ 2914642.2914662.
        </mixed-citation>
      </ref>
      <ref id="ref90">
        <mixed-citation>
          978-3-
          <fpage>030</fpage>
          -12330-
          <issue>7</issue>
          _
          <fpage>6</fpage>
          . [83]
          <string-name>
            <given-names>A.</given-names>
            <surname>Bessani</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Correia</surname>
          </string-name>
          ,
          <string-name>
            <given-names>B.</given-names>
            <surname>Quaresma</surname>
          </string-name>
          ,
          <string-name>
            <given-names>F.</given-names>
            <surname>André</surname>
          </string-name>
          , [74]
          <string-name>
            <given-names>X.</given-names>
            <surname>Lu</surname>
          </string-name>
          , X. Cheng, A Secure and
          <string-name>
            <surname>Lightweight Data P. Sousa</surname>
          </string-name>
          , DepSky: Dependable and Secure Stor-
        </mixed-citation>
      </ref>
      <ref id="ref91">
        <mixed-citation>
          <source>IEEE Access 8</source>
          (
          <year>2020</year>
          )
          <fpage>5022</fpage>
          -
          <lpage>5030</lpage>
          . doi:
          <volume>10</volume>
          .1109/ Storage 9 (
          <year>2013</year>
          )
          <fpage>1</fpage>
          -
          <lpage>33</lpage>
          . doi:
          <volume>10</volume>
          .1145/2535929.
        </mixed-citation>
      </ref>
      <ref id="ref92">
        <mixed-citation>
          <string-name>
            <surname>ACCESS.</surname>
          </string-name>
          <year>2019</year>
          .
          <volume>2962729</volume>
          . [84]
          <string-name>
            <given-names>S.</given-names>
            <surname>Sundareswaran</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Squicciarini</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Lin</surname>
          </string-name>
          , Ensur[75]
          <string-name>
            <given-names>J.</given-names>
            <surname>Pennekamp</surname>
          </string-name>
          , E. Buchholz,
          <string-name>
            <surname>Y.</surname>
          </string-name>
          <article-title>Lockner, ing Distributed Accountability for Data Sharing in</article-title>
        </mixed-citation>
      </ref>
      <ref id="ref93">
        <mixed-citation>
          <string-name>
            <given-names>C.</given-names>
            <surname>Hopmann</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K.</given-names>
            <surname>Wehrle</surname>
          </string-name>
          ,
          <source>Privacy-Preserving Secure Computing</source>
          <volume>9</volume>
          (
          <year>2012</year>
          )
          <fpage>556</fpage>
          -
          <lpage>568</lpage>
          . doi:
          <volume>10</volume>
          .1109/
        </mixed-citation>
      </ref>
      <ref id="ref94">
        <mixed-citation>
          <string-name>
            <given-names>Production</given-names>
            <surname>Process Parameter Exchange</surname>
          </string-name>
          , in: TDSC.
          <year>2012</year>
          .
          <volume>26</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref95">
        <mixed-citation>
          <string-name>
            <given-names>Annual</given-names>
            <surname>Computer Security Applications</surname>
          </string-name>
          Con- [85]
          <string-name>
            <given-names>A.</given-names>
            <surname>Rafique</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D. Van</given-names>
            <surname>Landuyt</surname>
          </string-name>
          ,
          <string-name>
            <given-names>E. Heydari</given-names>
            <surname>Beni</surname>
          </string-name>
          , B. La-
        </mixed-citation>
      </ref>
      <ref id="ref96">
        <mixed-citation>
          <string-name>
            <surname>ference</surname>
          </string-name>
          , ACM,
          <string-name>
            <surname>Austin</surname>
            <given-names>USA</given-names>
          </string-name>
          ,
          <year>2020</year>
          , pp.
          <fpage>510</fpage>
          -
          <lpage>525</lpage>
          . gaisse, W. Joosen, CryptDICE: Distributed data
        </mixed-citation>
      </ref>
      <ref id="ref97">
        <mixed-citation>
          <source>doi:10.1145/3427228</source>
          .3427248.
          <article-title>protection system for secure cloud data storage</article-title>
          and [76]
          <string-name>
            <given-names>S.</given-names>
            <surname>Mangel</surname>
          </string-name>
          ,
          <string-name>
            <given-names>L.</given-names>
            <surname>Gleim</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Pennekamp</surname>
          </string-name>
          , K. Wehrle, computation,
          <source>Information Systems</source>
          <volume>96</volume>
          (
          <year>2021</year>
          )
          <fpage>101671</fpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref98">
        <mixed-citation>
          <string-name>
            <given-names>S.</given-names>
            <surname>Decker</surname>
          </string-name>
          , Data Reliability and Trustworthiness doi:
          <volume>10</volume>
          .1016/j.is.
          <year>2020</year>
          .
          <volume>101671</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref99">
        <mixed-citation>
          <string-name>
            <given-names>Through</given-names>
            <surname>Digital Transmission Contracts</surname>
          </string-name>
          , in: The [86]
          <string-name>
            <given-names>K.</given-names>
            <surname>Edemacu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>B.</given-names>
            <surname>Jang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J. W.</given-names>
            <surname>Kim</surname>
          </string-name>
          , CESCR: CP-ABE
        </mixed-citation>
      </ref>
      <ref id="ref100">
        <mixed-citation>
          <string-name>
            <given-names>Semantic</given-names>
            <surname>Web</surname>
          </string-name>
          , volume
          <volume>12731</volume>
          , Springer Interna-
          <article-title>for eficient and secure sharing of data in collab-</article-title>
        </mixed-citation>
      </ref>
      <ref id="ref101">
        <mixed-citation>
          <string-name>
            <surname>tional Publishing</surname>
          </string-name>
          , Cham,
          <year>2021</year>
          , pp.
          <fpage>265</fpage>
          -
          <lpage>283</lpage>
          . doi:10.
          <article-title>orative ehealth with revocation and no dummy</article-title>
        </mixed-citation>
      </ref>
      <ref id="ref102">
        <mixed-citation>
          <volume>1007</volume>
          /
          <fpage>978</fpage>
          -3-
          <fpage>030</fpage>
          -77385-4_
          <fpage>16</fpage>
          . attribute,
          <source>PLOS ONE 16</source>
          (
          <year>2021</year>
          )
          <article-title>e0250992</article-title>
          . doi:10. [77]
          <string-name>
            <given-names>R.</given-names>
            <surname>Matzutt</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Pennekamp</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K.</given-names>
            <surname>Wehrle</surname>
          </string-name>
          ,
          <string-name>
            <surname>A Secure</surname>
          </string-name>
          <source>and 1371/journal.pone.0250992.</source>
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>