Matchbox: secure data sharing

Author

Goldman, Kenneth ; Valdez, Enriquillo

Author_Institution

IBM Thomas J. Watson Res. Center, Hawthorne, NY, USA

Volume

8

Issue

6

fYear

2004

Firstpage

18

Lastpage

24

Abstract

Homeland security requires that organizations share sensitive data, but both suppliers and users must typically restrict data access for security, legal, or business reasons. Matchbox database servers provide highly secure, fine-grained access control using digitally cosigned contracts to enforce sharing restrictions. To handle security operations, Matchbox uses the tamper-responding, programmable IBM 4758 cryptographic coprocessor. Matchbox servers can be distributed on a network for high availability, and parties can communicate with Matchbox over public networks - including hostile environments with untrusted hardware, software, and administrators.

Keywords

Internet; authorisation; coprocessors; cryptography; information retrieval; query processing; Matchbox database server; data access; digitally cosigned contract; fine-grained access control; homeland security; hostile environment; matchbox secure data sharing; programmable IBM 4758 cryptographic coprocessor; share sensitive data; tamper-responding; Access control; Contracts; Data security; Databases; File servers; Law; Legal factors; National security; Network servers; Terrorism; 65; Access controls; Authentication; Cryptographic controls; Data encryption; Data mining; Database management; Database security; Infrastructure protection; Network-level security and protection; Public key cryptosystems; Security and privacy protection;

fLanguage

English

Journal_Title

Internet Computing, IEEE

Publisher

ieee

ISSN

1089-7801

Type

jour

DOI

10.1109/MIC.2004.68

Filename

1355918