RESEARCH PRODUCT
Self-validating bundles for flexible data access control
G. Garbo, Pierluigi Gallo, Andrea Ando
subject
021110 strategic defence & security studies; bundle information-centric security access policy bytecode; Computer science; business.industry; Settore ING-INF/03 - Telecomunicazioni; 0211 other engineering and technologies; 020207 software engineering; Access control; Cloud computing; 02 engineering and technology; Client-side; Computer security; computer.software_genre; Metadata; Data access; 0202 electrical engineering electronic engineering information engineering; Data Protection Act 1998; business; computer; Access structure
description
Modern cloud-based services offer free or low-cost content sharing, with significant advantages for users but also new privacy and security issues. To protect sensitive content (i.e., copyrighted, top secret, and personal data) from unauthorized access, sophisticated access management systems and/or decryption schemes have been proposed, generally based on trusted applications on the client side. These applications also work as access controllers, verifying specific permissions and restrictions for access to the user's resources. We propose secure bundles (S-bundles), which encapsulate a behavioral model (provided as bytecode) to define versatile stand-alone access controllers and encoding/decoding/signature schemes. S-bundles also contain ciphered contents, data access policies, and associated metadata. Unlike current solutions, our approach decouples the access policies from the applications installed on the user's platform. S-bundles are multi-platform, by means of trusted bytecode executors. They offer data protection when stored with untrusted or honest-but-curious cloud providers.
year | journal | country | edition | language |
---|---|---|---|---|
2016-01-01 | | | | |