Abstract. Access Control (AC) is a well known mechanism that allows access restriction to resources. Nevertheless, it does not provide notification when a resource is retransmitted to an unauthorized third party. To overcome this issue, one can use mechanisms such as Data Loss/Leak Prevention (DLP) or Transmission Control (TC). These mechanisms are based on policies that are defined by security experts. Unfortunately, these policies can contradict existing AC rules, leading to security leakage (i.e. a legitimate user is allowed to send a resource to someone who has no access rights in the AC). In this article, we aim at creating TC policies that are compliant with existing AC policies. To do so, we use a mapping mechanism that generates TC rules directly from existing AC policies. Thanks to the generated rules, our solution can make inferences to improve existing AC and enhance security knowledge between infrastructures.
Data leakage can lead to severe issues for a company, including financial loss, damage of goodwill, reputation, lawsuits and loss of future sales. To prevent these problems, a company can use other mechanisms on top of traditional Access Control. These mechanisms include for instance Data Leak Prevention or Information Rights Management and can be referred as Transmission Control. However, such solutions can lack usability and can be intrusive for end-users employees. To have a better understanding of the perception and usage of such mechanisms within business infrastructures, we have conducted in this article an online survey on 150 employees. These employees come from different companies of different sizes and sectors of activity. The results show that whatever the size of the company or its sector of activity, security mechanisms such as access control and transmission control can be considered as quite intrusive and blocking for employees. Moreover, our survey also shows interesting results regarding more acceptable and user-friendly anti-data leakage mechanisms that could be used within companies.
The number of mobile devices connected to the Internet is rapidly growing, inducing security issues that cannot be prevented by common mechanisms such as HTTPS. Indeed, mobile environments require light algorithms that can reduce the power-consumption and extend battery life. Moreover, HTTPS does not offer fine-grained control over the security properties such as integrity, confidentiality or authenticity. This lack of flexibility can be problematic for both power-consumption and security robustness. To overcome these issues, we have proposed in previous works a modular architecture, called LECCSAM, based on security components to secure any communication protocol by adding the required security properties. In the context of HTTP, it provides an alternative version of HTTPS by adding the integrity, confidentiality, and authenticity properties to HTTP separately or in block (i.e. only one property or any combinations of two or more properties), depending on the user needs and usage context. In this paper, we propose to extend this alternative version of HTTPS with the non-repudiation property. Preliminary results of the performance evaluation are encouraging.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.