Privacy Data Envelope: Concept and implementation

Ghorbel, Mahmoud; Aghasaryan, Armen; Betgé-Brezetz, Stéphane; Dupont, Marie-Pascale; Kamga, Guy-Bertrand; Piekarec, Sophie

doi:10.1109/pst.2011.5971964

Cited by 9 publications

(2 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The work developing a Data Distribution Infrastructure (DDI) [15] works to ensure distributed policy enforcement by integrating services into local enforcement infrastructures but simply assumes remote trust capabilities are present. Various other contributions to the area rely on homogeneous components [25], expect policy breaches to be prosecuted via review audits [7], work under assumptions that leave trust establishment as out of scope [13] [20] [19], or simply acknowledge that trusted attestation services could strengthen the system without considering how to incorporate them [6]. Our work looks to facilitate verifiable attribute collection, which allows informed policy decisions without strict component knowledge prior to policy authoring.…”

Section: B Related Workmentioning

confidence: 99%

Distributed Enforcement of Sticky Policies with Flexible Trust

Brown

Blough

2015

2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium

View full text Add to dashboard Cite

In this paper, we describe an approach to distributed enforcement of sticky policies in heterogeneous hardware and software environments. These heterogeneous environments might have differing mechanisms for attesting to their security capabilities and data sources might specify different levels of trust for different data items. Such an environment requires highly flexible policy specification and enforcement mechanisms. We employ sticky policies that travel with data wherever it travels, and we separate them into two components, a hosting policy and a usage policy. Hosting policies are used to ensure that data are transferred only to entities that are provably capable of providing local enforcement and only further transferring data under the same policies. Usage policies confer access, viewing, and update capabilities on users based on their attributes. The approach is supported by attribute-based certificates and policies, which include what authorities are trusted to certify attributes. In addition to presenting a full description of the approach, we report on a prototype implementation that includes all of the aforementioned components and also makes use of a modified version of Excel we developed to track security labels as data move through spreadsheets that are being shared by multiple users across different systems. II. INTRODUCTIONIn the information age in which we live, organizations maintain large amounts of data, much of it sensitive. In many situations, there could be great value in sharing these data with individuals or partners outside of an organization's controlled hardware/software infrastructure. For example, in the domain of medicine, health professionals would like to safely access patient information on their laptops or even mobile devices, and controlled sharing of such data for both health care and research purposes has obvious scientific and social benefits. Clearly, inadvertent disclosure of health information could have severe consequences for patients with sensitive conditions. Thus, although the benefits of information sharing are great, the risks of data breaches if the information is not properly handled after it is shared are often greater. A similar analysis can be made concerning sensitive customer information held by commercial organizations, information maintained in databases by law enforcement organizations, etc.Organizations that allow sensitive data to be disseminated need assurances that the systems receiving the data will control access so that users only see the information appropriate to their level of authorization, maintain sensitivity labels on information as data are propagated within the system, and only further disseminate the data to other systems if those systems meet the requirements of the data owner. Enabling concepts for this vision are sticky policies, wherein policies on data usage are propagated along with data as they move within and between systems, and information flow control (IFC), where sensitive information is tagged, tags propagate with data as t...

show abstract

Section: B Related Workmentioning

confidence: 99%

Distributed Enforcement of Sticky Policies with Flexible Trust

Brown

Blough

2015

2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium

View full text Add to dashboard Cite

show abstract

“…For this purpose, different mechanisms can be used such as the one proposed in our previous work where data and policy are bundled in a structure called Privacy Data Envelope (PDE). In this case, if the application is executed in a Web browser (connected to a remote Web Server), the TPA can be a browser plug-in intercepting the HTTP messages transporting the PDE (policy being extracted from this PDE) [12]; if the application is a mailer, the TPA can be a mailer plug-in (policy being extracted from the mail containing the PDE) [12]; or if the application is a FTP server, the TPA can be a module using Linux FUSE and intercepting -within the OS-the FTP request made on the PDE file (policy being also extracted from it) [13]. The TPA is then in charge to send the policy to the TPC (see Fig.2) which (i) computes a path satisfying the policy (see Policy-aware Path Computing module in Fig.2) and (ii) configures this path within the SDN network by using a SDN protocol as OpenFlow (see Policy-aware Path Configuration module in Fig.2).…”

Section: A Architecture Principlesmentioning

confidence: 99%

SDN-based Trusted Path Control

Betgé-Brezetz¹,

Kamga²,

Joutei

et al. 2014

2014 International Conference and Workshop on the Network of the Future (NOF)

View full text Add to dashboard Cite

Security of sensitive data in the network is a key issue in a world where such sensitive data can easily be transferred between different servers and locations (e.g., in networked clouds). In this context, there is a particular need to control the path followed by the data when they move across the cloud (e.g., to avoid crossing -even encrypted-un-trusted nodes or areas). In this paper we proposed therefore a new approach which aims to leverage the programmability offered by the SDN technology in order to enforce a trusted path for the transfer of sensitive data in the network. Given a policy related to the sensitive data (e.g., the data should not cross a given area), our approach allows sending this policy to an extended SDN controller (called Trusted Path Controller) which automatically enforces this policy in the SDN network. Two architectures have been investigated: the Out-of-Band architecture (the policy being sent to the Trusted Path Controller via a Web Service interface) and the In-Band architecture (the policy being sent to the Trusted Path Controller via a dedicated "signaling packet"). These two architectures have been implemented in a SDN controller. Experimentations and evaluations have also been performed on a test-bed of SDN switches which allow showing the feasibility of this approach as well as its performances.

show abstract