Sharing but Protecting Content Against Internal Leakage for Organisations

Alawneh, Muntaha; Abbadi, Imad M.

doi:10.1007/978-3-540-70567-3_19

Cited by 10 publications

(5 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The process of the dynamic domains establishment is similar to the global domain establishment, which is described in section 5.2. However,there is some differences which are summarised in figure 3; for detailed description about this see Alawneh and Abbadi [5].…”

Section: Dynamic Domain Establishmentmentioning

confidence: 96%

“…Alawneh and Abbadi [5] proposed the dynamic domain mechanism for organising the internal system for organisations. In this paper we apply their approach in the context of collaborating organisations, which is summarised in this section.…”

Section: Dynamic Domain Definitionmentioning

confidence: 99%

“…Also, a data object must be unsealed on the same TPM that sealed the object. 5 AIKs are signature key pairs function as aliases for the TP; they are generated by the TPM, and the public part is included in a certificate known as an Identity Credential, signed by a trusted third party called a privacy certification authority (privacy CA). The identity credential asserts that the (public part of the) AIK belongs to a TP with specified properties, without revealing which TP the key belongs to.…”

Section: Trusted Software Agentmentioning

confidence: 99%

See 2 more Smart Citations

Preventing information leakage between collaborating organisations

Alawneh

Abbadi²

2008

Proceedings of the 10th International Conference on Electronic Commerce

Self Cite

View full text Add to dashboard Cite

Information sharing and protection against leakage is a critical problem especially for organisations having sensitive information. Sharing content between individuals in the same organisation extends to exchanging and sharing content between collaborating organisations. In this paper we propose a novel solution for preventing shared information between collaborating organisations from getting leaked to unauthorised users inside the distination organisation or out side it. In addition, once the content is in the hands of authorised users our solution prevents unethical authorised users from leaking such content to other users in the same organisation or third parties.In this paper we provide a mechanism for a source organisation to send content to another collaborating organisation in such a way the sent content is either accessed by a specific group of users performing a specific task or it could be accessed by all devices member in the destination organisation, which should be based on organisation policy and requirements. In the proposed solution we used trusted computing technology to provide a hardware-based root of trust for the master controller and organisation devices.

show abstract

Section: Dynamic Domain Establishmentmentioning

confidence: 96%

Section: Dynamic Domain Definitionmentioning

confidence: 99%

Section: Trusted Software Agentmentioning

confidence: 99%

See 1 more Smart Citation

Preventing information leakage between collaborating organisations

Alawneh

Abbadi²

2008

Proceedings of the 10th International Conference on Electronic Commerce

Self Cite

View full text Add to dashboard Cite

show abstract

“…As described in the introduction, the protection of content (typically by encrypting it) whilst being exchanged between organisations member in a VO is not enough by itself for preventing content leakage 10. Therefore, we need a mechanism to prevent transferring content in the clear and at the same time to protect content encryption keys from being accessed by unauthorised users.…”

Section: Secure Domainsmentioning

confidence: 99%

“…Content leakage happens when an employee who has access to content transfers the content unprotected or the protected content and the means for accessing it to others, who are not authorised to access the content 9, 10. This can be performed using different mechanisms such as: Transferring digital content in the clear using physical medium (e.g.…”

Section: Introductionmentioning

confidence: 99%

Secure information sharing for grid computing

Abbadi¹,

Alawneh

2010

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

Computational grids require secure information sharing between users and resources. Users and resources are members in collaborating organisations, which form a virtual organisation (VO). The heterogeneous distribution of resource providers and requesters require a mechanism to protect shared information and resources from being misused not only by unauthorised individuals but also from authorised individuals. This paper proposes a novel mechanism for controlling information sharing but protection between members in a VO. Content can be shared between members of a VO subject to the VO policy and content owner organisation policy. In the proposed mechanism a member in a VO, who is authorised to access content, is not capable of transferring unprotected content, or protected content and the means for accessing it accidentally or deliberately to others. The VO project managers and collaborating organisations administrators decide which device can access content. Also, when a resource/user leaves the VO the resource/user will not be capable to access the shared information; thereby preventing uncontrolled content leakage. In the proposed solution, we used trusted computing technology to provide a hardware-based root of trust on user devices.The above cases are only sample cases to show the importance of the problem; many other cases can be developed. These demonstrate that trusting VO members is not enough by itself to protect VO content, 488 I. M. ABBADI AND M. ALAWNEH Fujitsu, HP, Intel and Toshiba [11]. TCG is a wide subject and has been discussed by many researchers; we will not address the details of TCG specifications in this paper; however, in the next section we describe TCG's

show abstract

Toward Trustworthy Clouds’ Internet Scale Critical Infrastructure

Abbadi

2011

Information Security Practice and Experience

View full text Add to dashboard Cite

Sharing but Protecting Content Against Internal Leakage for Organisations

Cited by 10 publications

References 14 publications

Preventing information leakage between collaborating organisations

Preventing information leakage between collaborating organisations

Secure information sharing for grid computing

Toward Trustworthy Clouds’ Internet Scale Critical Infrastructure

Contact Info

Product

Resources

About