Modern cloud-based services offer free or low-cost content sharing, with significant advantages for users but also new privacy and security issues. To protect sensitive contents (i.e., copyrighted, top secret, and personal data) from unauthorized access, sophisticated access management systems and/or decryption schemes have been proposed, generally based on trusted applications at the client side. These applications also work as access controllers, verifying specific permissions and restrictions on access to the user’s resources. We propose secure bundles (S-bundles), which encapsulate a behavioral model (provided as bytecode) to define versatile stand-alone access controllers and encoding/decoding/signature schemes. S-bundles also contain ciphered contents, data access policies, and associated metadata. Unlike current solutions, our approach decouples the access policies from the applications installed on the user’s platform. S-bundles are multi-platform, by means of trusted bytecode executors. They offer data protection when stored with untrusted or honest-but-curious cloud providers.

Gallo, P., Andò, A., Garbo, G. (2016). Self-validating bundles for flexible data access control. In Proceedings of 4th International Conference in Software Engineering for Defence Applications, SEDA 2015 (pp. 273-286). Springer [10.1007/978-3-319-27896-4_23].

Self-validating bundles for flexible data access control

GALLO, Pierluigi; ANDO', Andrea; GARBO, Giovanni
2016-01-01

2016
Sector ING-INF/03 - Telecommunications
9783319278940
Files in this item:
Gallo-2016c.pdf (open access), 345.9 kB, Adobe PDF
Gallo2016_Chapter_Self-validatingBundlesForFlexi.pdf (archive managers only), 283.24 kB, Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/10447/243879