A Rights Management Approach to Securing Data Distribution in Coalitions

Salim, Farzad; Sheppard, Nicholas Paul; Safavi-Naini, Reiheneh

doi:10.1109/nss.2010.94

“…access control mechanism, cryptography, fingerprinting, probabilistic evaluation and watermarking. [19], [20], [21], [22], [23] provide the security and privacy to data through access control mechanism. In [19], coalitions have been formed among data owners for distributing the data in a secure manner.…”

Section: Related Workmentioning

confidence: 99%

Layer-based Privacy and Security Architecture for Cloud Data Sharing

Gupta

¹

,

Singh

²

,

Singh

³

2019

JCOMSS

View full text Add to dashboard Cite

The management of data while maintaining its utility and preservation of security scheme is a matter of concern for the cloud owner. In order to minimize the overhead at cloud service provider of applying security over each document and then send it to the client, we propose a layered architecture. This approach maintains security of the sensitive document and privacy of its data sensitivity. To make a balance between data security and utility, the proposed approach categorizes the data according to its sensitivity. Perseverance of various categorization requires different algorithmic schemes. We set up a cloud distributed environment where data is categorized into four levels of sensitivity; public, confidential, secret, top secret and a different approach has been used to preserve the security at each level. At the most sensitive layers i.e. secret and top secret data, we made a provision to detect the faulty node that is responsible for data leakage. Finally, experimental analysis is carried out to analyze the performance of the layered approach. The experimental results show that time taken (in ms) in processing 200 documents of size 20 MB is 437, 2239, 3142, 3900 for public, confidential, secret and top secret data respectively when the documents are distributed among distinct users, which proves the practicality of the proposed approach.

show abstract

“…Data usage control enforcement systems [23], [24] employ preventive measures to ensure that data is transferred in distributed systems in a controlled manner preserving the well-defined policies. Techniques have been developed for securely distributing data by forming coalitions among the data owners [25]. In controlled environments, such techniques can be composed with our protocols to improve data privacy.…”

Section: Other Modelsmentioning

confidence: 99%

Data Lineage in Malicious Environments

Backes¹,

Grimm²,

Kate³

2016

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Intentional or unintentional leakage of confidential data is undoubtedly one of the most severe security threats that organizations face in the digital era. The threat now extends to our personal lives: a plethora of personal information is available to social networks and smartphone providers and is indirectly transferred to untrustworthy third party and fourth party applications. In this work, we present a generic data lineage framework LIME for data flow across multiple entities that take two characteristic, principal roles (i.e., owner and consumer). We define the exact security guarantees required by such a data lineage mechanism toward identification of a guilty entity, and identify the simplifying non-repudiation and honesty assumptions. We then develop and analyze a novel accountable data transfer protocol between two entities within a malicious environment by building upon oblivious transfer, robust watermarking, and signature primitives. Finally, we perform an experimental evaluation to demonstrate the practicality of our protocol and apply our framework to the important data leakage scenarios of data outsourcing and social networks. In general, we consider LIME , our lineage framework for data transfer, to be an key step towards achieving accountability by design. ✦ 1545-5971 (c)

show abstract

“…Data usage control enforcement systems [41,29] employ preventive measures to ensure that data is transferred in distributed systems in a controlled manner preserving the welldefined policies. Techniques have been developed for securely distributing data by forming coalitions among the data owners [45]. In controlled environments, such techniques can be composed with our protocols to improve data privacy.…”

Section: Other Modelsmentioning

confidence: 99%

Lime: Data Lineage in the Malicious Environment

Backes

¹

,

Grimm

²

,

Kate

³

2014

Security and Trust Management

View full text Add to dashboard Cite

Intentional or unintentional leakage of confidential data is undoubtedly one of the most severe security threats that organizations face in the digital era. The threat now extends to our personal lives: a plethora of personal information is available to social networks and smartphone providers and is indirectly transferred to untrustworthy third party and fourth party applications.In this work, we present a generic data lineage framework LIME for data flow across multiple entities that take two characteristic, principal roles (i.e., owner and consumer). We define the exact security guarantees required by such a data lineage mechanism toward identification of a guilty entity, and identify the simplifying non-repudiation and honesty assumptions. We then develop and analyze a novel accountable data transfer protocol between two entities within a malicious environment by building upon oblivious transfer, robust watermarking, and signature primitives. Finally, we perform an experimental evaluation to demonstrate the practicality of our protocol.Privacy, consumer rights, and advocacy organizations such as PRC [7] and EPIC [8] try to address the problem of information leakages through policies and awareness. However, as seen in the following scenarios the effectiveness of policies is questionable as long as it is not possible to provably associate the guilty parties to the leakages.Scenario 1: Social Networking. It was reported that third party applications of the widely used online social network Facebook leak sensitive private information about the users or even their friends to advertising companies [3]. In this case, it was possible to determine that several applications were leaking data by analyzing their behaviour and so these applications could be disabled by Facebook. However, it is not possible to make a particular application responsible for leakages that already happened, as many different applications had access to the private data.Scenario 2: Outsourcing. Up to 108, 000 Florida state employees were informed that their personal information has been compromised due to improper outsourcing [5]. The outsourcing company that was handed sensitive data hired a further subcontractor that hired another subcontractor in India itself. Although the offshore subcontractor is suspected, it is not possible to provably associate one of the three companies to the leakage, as each of them had access to the data and could have possibly leaked it.We find that the above and other data leakage scenarios can be associated to an absence of accountability mechanisms during data transfers: leakers either do not focus on protection, or they intentionally expose confidential data without any concern, as they are convinced that the leaked data cannot be linked to them. In other words, when entities know that they can be held accountable for leakage of some information, they will demonstrate a better commitment towards its required protection.In some cases, identification of the leaker is made possible by forensic techniques, but these...

show abstract

A Rights Management Approach to Securing Data Distribution in Coalitions

Cited by 6 publications

References 4 publications

Layer-based Privacy and Security Architecture for Cloud Data Sharing

Layer-based Privacy and Security Architecture for Cloud Data Sharing

Data Lineage in Malicious Environments

Lime: Data Lineage in the Malicious Environment

Contact Info

Product

Resources

About