• DocumentCode
    1831405
  • Title

    ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments

  • Author

    Asghar, Muhammad Rizwan ; Ion, Mihaela ; Russello, Giovanni ; Crispo, Bruno

  • Author_Institution
    Create-Net, Trento, Italy
  • fYear
    2011
  • fDate
    22-26 Aug. 2011
  • Firstpage
    99
  • Lastpage
    108
  • Abstract
    The enforcement of security policies in outsourced environments is still an open challenge for policy-based systems. On the one hand, taking the appropriate security decision requires access to the policies. However, if such access is allowed in an untrusted environment, then confidential information might be leaked by the policies. Current solutions are based on cryptographic operations that embed security policies with the security mechanism. Therefore, the enforcement of such policies is performed by allowing the authorised parties to access the appropriate keys. We believe that such solutions are far too rigid because they strictly intertwine authorisation policies with the enforcing mechanism. In this paper, we want to address the issue of enforcing security policies in an untrusted environment while protecting the policy confidentiality. Our solution, ESPOON, aims at providing a clear separation between security policies and the enforcement mechanism. However, the enforcement mechanism should learn as little as possible about both the policies and the requester attributes.
  • Keywords
    authorisation; access control mechanism; authorisation policy; encrypted security policy; enforcing mechanism; outsourced environment; policy-based system; security decision; security mechanism; Availability; Security; Cloud Computing; Data Outsourcing; Encrypted Policies; Policy Protection; Privacy; Security; Sensitive Policy Evaluation;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    978-1-4577-0979-1
  • Electronic_ISBN
    978-0-7695-4485-4
  • Type

    conf

  • DOI
    10.1109/ARES.2011.23
  • Filename
    6045944