A policy-based containerized filter for secure information sharing in organizational environments

Gonzalez-Compeán, J. L.; Telles, Oscar; López-Arévalo, Iván; Morales-Sandoval, Miguel; Sosa-Sosa, Víctor J.; Carretero, Jesús

doi:10.1016/j.future.2019.01.002

Cited by 9 publications

(4 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Authentication and authorization of entities participating are established in this scheme. Sec-Filter [95] is a security filter that applies different security policies to data in information-sharing environments before sending them to the cloud. The policies are automatically defined by the risk level that is discovered by SecFilter by using mining data techniques.…”

Section: Related Workmentioning

confidence: 99%

On the Continuous Processing of Health Data in Edge-Fog-Cloud Computing by Using Micro/Nanoservice Composition

et al. 2020

Self Cite

View full text Add to dashboard Cite

The edge, the fog, the cloud, and even the end-user's devices play a key role in the management of the health sensitive content/data lifecycle. However, the creation and management of solutions including multiple applications executed by multiple users in multiple environments (edge, the fog, and the cloud) to process multiple health repositories that, at the same time, fulfilling non-functional requirements (NFRs) represents a complex challenge for health care organizations. This paper presents the design, development, and implementation of an architectural model to create, on-demand, edge-fog-cloud processing structures to continuously handle big health data and, at the same time, to execute services for fulfilling NFRs. In this model, constructive and modular blocks, implemented as microservices and nanoservices, are recursively interconnected to create edge-fog-cloud processing structures as infrastructureagnostic services. Continuity schemes create dataflows through the blocks of edge-fog-cloud structures and enforce, in an implicit manner, the fulfillment of NFRs for data arriving and departing to/from each block of each edge-fog-cloud structure. To show the feasibility of this model, a prototype was built using this model, which was evaluated in a case study based on the processing of health data for supporting critical decision-making procedures in remote patient monitoring. This study considered scenarios where end-users and medical staff received insights discovered when processing electrocardiograms (ECGs) produced by sensors in wireless IoT devices as well as where physicians received patient records (spirometry studies, ECGs and tomography images) and warnings raised when online analyzing and identifying anomalies in the analyzed ECG data. A scenario where organizations manage multiple simultaneous each edge-fog-cloud structure for processing of health data and contents delivered to internal and external staff was also studied. The evaluation of these scenarios showed the feasibility of applying this model to the building of solutions interconnecting multiple services/applications managing big health data through different environments. INDEX TERMS Big health data, edge-fog-cloud, health-IoT processing, Internet of Things, microservice architecture.

show abstract

Section: Related Workmentioning

confidence: 99%

On the Continuous Processing of Health Data in Edge-Fog-Cloud Computing by Using Micro/Nanoservice Composition

et al. 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…The resulting encryption is the package DET-ABE provides effective access control mechanisms and confidentiality over a large documents dataset. It has been successfully tested in other systems [40], [41], however, DET-ABE does not support searchable encryption (DET-ABE only meets requirement R1).…”

Section: B Cp-abe and Det-abementioning

confidence: 99%

Attribute-Based Encryption Approach for Storage, Sharing and Retrieval of Encrypted Data in the Cloud

et al. 2020

Self Cite

View full text Add to dashboard Cite

One of the most cost-effective services in cloud computing is storage, used by businesses and individuals to outsource their massive data to untrusted servers. Efforts have studied problems around this application scenario in different fronts: efficiency, flexibility, reliability, and security. In this paper we address the security concerns of cloud storage under the scenario where users encrypt-then-outsource data, share their outsourced data with other users, and the service provider can be queried for searching and retrieval of encrypted data. As main distinctive, we propose a security approach for storage, sharing and retrieval of encrypted data in the cloud fully constructed on the basis of attribute-based encryption (ABE) thus enabling access control mechanisms over both the encrypted data and also for the information retrieval task through search access control. Compared to related works, our approach considers efficient encryption at three different levels:) bulk encryption of data outsourced to the cloud,) keys management for access control over encrypted data by means of digital envelopes from attribute based encryption, and) novel construction for attribute based searchable encryption (ABSE). Our underlying ABE algorithms are carefully selected from the body of knowledge and novel constructions for ABSE are provided over the asymmetric setting (Type-III pairings) to support security levels of 128-bits or greater. Experimental results on benchmark data sets demonstrate the viability of our approach for practical realizations using Barreto-Naehrig curves.

show abstract

“…In previous works, we designed pipeline-based solutions for a space agency [19], medical [24] and regular organizations [6] to add value to their contents before sharing data with partners or sending these contents to the cloud. In this process, we found that applications with small service times (fast filters) created bottlenecks when being coupled with slow applications, whereas slow ones led to idle times for fast ones.…”

Section: Gearbox Model Formalizationmentioning

confidence: 99%

“…To achieve a competitive configuration of Parsl, we performed a set of experiments by varying the number of threads used by Parsl until finding a configuration that would reduce that queuing of read and write operations, which enabling the filters to start the processing of data in less time. We found that reducing the number of threads to the half (6) was key for Parsl to read contents in overlapped manner with the threads used by the filters for processing data in the pipeline. This reduced the response time of Parsl in significant manner (see Figs.…”

Section: Preprocessing Of Medical Image Repository (Ddsm)mentioning

confidence: 99%

A gearbox model for processing large volumes of data by using pipeline systems encapsulated into virtual containers

Santiago-Duran

Gonzalez-Compeán

Brinkmann

et al. 2020

Future Generation Computer Systems

Self Cite

View full text Add to dashboard Cite

A policy-based containerized filter for secure information sharing in organizational environments

Cited by 9 publications

References 48 publications

On the Continuous Processing of Health Data in Edge-Fog-Cloud Computing by Using Micro/Nanoservice Composition

On the Continuous Processing of Health Data in Edge-Fog-Cloud Computing by Using Micro/Nanoservice Composition

Attribute-Based Encryption Approach for Storage, Sharing and Retrieval of Encrypted Data in the Cloud

A gearbox model for processing large volumes of data by using pipeline systems encapsulated into virtual containers

Contact Info

Product

Resources

About