Secure web-based retrieval of documents with usage controls

Djalaliev, Peter; Brustoloni, José Carlos

doi:10.1145/1529282.1529738

Cited by 3 publications

(4 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The corresponding data usage policies are stored as file metadata, while the key for decryption of the encrypted file system is sealed to a trusted configuration using the TPM. This ensures that the file system decryption key is only accessible if the system's current software stack, which is [47] enables the secure posting and retrieval of protected documents via web servers.…”

Section: Securing Data Usage Control Infrastructuresmentioning

confidence: 99%

Data Usage Control for Distributed Systems

Kelbert

Pretschner

2018

ACM Trans. Priv. Secur.

View full text Add to dashboard Cite

AcknowledgementsMy thanks go to• Prof. Pretschner. For introducing me to the academic world with all its diverse aspects: administrative matters, conferences, discussions, learning, reading, presentations, projects, reviewing, teaching, writing, pain and glory. For letting me work on an interesting thesis topic. For guidance, feedback, liberty, criticism and plaudits.• Prof. Katzenbeisser. For providing feedback on earlier partial results of this thesis.• all co-authors and internal reviewers. Alexander, Dominik, Enrico, Fatemeh, Hervais, Matthias, Mojdeh, Prachi, Saahil, Sebastian, Tobias. For teaching me how to collaboratively write scientific documents and how to cope best with endless discussions, reviews, corrections, rewriting, etc.• all remaining current and former colleagues and collaborators from KIT, TUM, • all project partners from TU Darmstadt, Universität Freiburg, Universität Kassel, Capurro Fiek Stiftung für Informationsethik, Fraunhofer SIT, Google Germany GmbH, Deutsche Post AG, Nokia, IBM, AGT International, DFKI, Seeburger, Stadtwerke Saarlouis. For innumerable interesting and diverse experiences.• all developers and authors of free tools and Q&A websites. For developing and maintaining software such as Eclipse, Firefox, Gimp, Gnome, Gnuplot, Inkscape, LaTeX, LibreOffice, Linux, StackExchange, Thunderbird, and many more.• all friends and family. Which are simply too many to enumerate. For constantly reminding me, both consciously and unconsciously, in countless ways that there is more to life than work and research. AbstractData usage control provides mechanisms for data owners to remain in control over how their data is used after it has been accessed. Corresponding technical solutions are thus applicable in many distinct areas such as the protection of business, military and government secrets, intellectual property, as well as private user data. However, most existing solutions focus on the enforcement of data usage control within single systems and disregard distributed aspects of data usage control, i.e. how the usage of data can be controlled once data has been shared across systems and organizations.In fact, many data usage policies can only be enforced on a global scale, as they refer to data as well as data usage events happening within several distributed systems, e.g. "at each point in time at most two clerks might have a local copy of this contract", or "a contract must be approved by at least two clerks before it is sent to the customer".While such policies can intuitively be enforced using a centralized infrastructure, major drawbacks are that such solutions constitute a single point of failure and that they are expected to cause heavy communication and performance overheads.In order to address these open challenges, this dissertation contributes by providing (i) a formal distributed data usage control system model, and (ii) the first fully decentralized infrastructure for the preventive enforcement of data usage policies. More precisely, the provided model allows to track the f...

show abstract

Section: Securing Data Usage Control Infrastructuresmentioning

confidence: 99%

Data Usage Control for Distributed Systems

Kelbert

Pretschner

2018

ACM Trans. Priv. Secur.

View full text Add to dashboard Cite

show abstract

“…Brustolini et al propose a simplified version where policies are specified through allowing or denying specific operations (open, copy, print, etc.) on digital objects [6,9]. The system comprises a kernel level security module for SELinux, a web browser plugin and a modified web server that offers the ability to post information objects to a web service.…”

Section: Proactive Enforcementmentioning

confidence: 99%

“…Djalaliev et al do provide a benchmark of regular HTTP and TLS traffic and show that the modified TLS used for attestation only introduces an increase in CPU usage of about 20% [9]. The latency analysis demonstrates that usage controlled file retrieval introduces a penalty varying from 100% to 30% with increasing file sizes.…”

Section: Testing and Evaluationmentioning

confidence: 99%

Usage Control Enforcement - A Survey

Nyre

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Sharing information allows businesses to take advantage of hidden knowledge, improve work processes and cooperation both within and across organisations. Thus there is a need for improved information protection capable of restricting how information is used, as opposed to only accessed. Usage Control has been proposed to achieve this by combining and extending traditional access control, Digital Rights Management and various encryption schemes. Advances in usage control enforcement has received considerable attention from the research community and we therefore believe there is a need to synthesise these efforts to minimise the potential for overlap. This paper surveys the previous efforts on providing usage control enforcement and analyses the general strengths and weaknesses of these approaches. In this paper we demonstrate that there are several promising mechanisms for enforcing usage control, but that reliable empirical evidence is required in order to ensure the appropriateness and usability of the enforcement mechanisms.

show abstract

“…To allow distributors of information subject to usage controls to verify the trustworthiness of a UCLinux-based platform, UCLinux uses a version of the TLS v1.0 protocol [14], extended to include attestation during its handshake [10].…”

Section: Attestationmentioning

confidence: 99%

Uclinux

Kyle

Brustoloni

2007

Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing

Self Cite

View full text Add to dashboard Cite

Usage controls allow the distributor of some information to limit how recipients of that information may use it. The Trusted Computing Group has standardized Trusted Platform Modules (TPMs) that are built into an increasing number of computers and could greatly harden usage controls against circumvention. However, existing operating systems support TPMs only partially. We describe UCLinux, a novel Linux Security Module that, unlike previous work, supports TPM-based attestation, sealing, and usage controls on existing processors and with minimal modifications in the operating system kernel and applications. Experiments show that UCLinux has modest impact on the system's boot latency and run-time performance.

show abstract

Secure web-based retrieval of documents with usage controls

Cited by 3 publications

References 6 publications

Data Usage Control for Distributed Systems

Data Usage Control for Distributed Systems

Usage Control Enforcement - A Survey

Uclinux

Contact Info

Product

Resources

About