Privacy Preserving Enforcement of Sensitive Policies in Outsourced and Distributed Environments

Asghar, Muhammad Rizwan (2013) Privacy Preserving Enforcement of Sensitive Policies in Outsourced and Distributed Environments. PhD thesis, University of Trento.

[img]
Preview
PDF (Ph.D. Dissertation of Muhammad Rizwan Asghar) - Doctoral Thesis
Available under License Creative Commons Attribution Non-commercial Share Alike.

1872Kb

Abstract

The enforcement of sensitive policies in untrusted environments is still an open challenge for policy-based systems. On the one hand, taking any appropriate security decision requires access to these policies. On the other hand, if such access is allowed in an untrusted environment then confidential information might be leaked by the policies. The key challenge is how to enforce sensitive policies and protect content in untrusted environments. In the context of untrusted environments, we mainly distinguish between outsourced and distributed environments. The most attractive paradigms concerning outsourced and distributed environments are cloud computing and opportunistic networks, respectively. In this dissertation, we present the design, technical and implementation details of our proposed policy-based access control mechanisms for untrusted environments. First of all, we provide full confidentiality of access policies in outsourced environments, where service providers do not learn private information about policies during the policy deployment and evaluation phases. Our proposed architecture is such that we are able to support expressive policies and take into account contextual information before making any access decision. The system entities do not share any encryption keys and even if a user is deleted, the system is still able to perform its operations without requiring any action. For complex user management, we have implemented a policy-based Role-Based Access Control (RBAC) mechanism, where users are assigned roles, roles are assigned permissions and users execute permissions if their roles are active in the session maintained by service providers. Finally, we offer the full-fledged RBAC policies by incorporating role hierarchies and dynamic security constraints. In opportunistic networks, we protect content by specifying expressive access control policies. In our proposed approach, brokers match subscriptions against policies associated with content without compromising privacy of subscribers. As a result, an unauthorised broker neither gains access to content nor learns policies and authorised nodes gain access only if they satisfy fine-grained policies specified by publishers. Our proposed system provides scalable key management in which loosely-coupled publishers and subscribers communicate without any prior contact. Finally, we have developed a prototype of the system that runs on real smartphones and analysed its performance.

Item Type:Doctoral Thesis (PhD)
Doctoral School:Information and Communication Technology
PhD Cycle:26
Subjects:Area 01 - Scienze matematiche e informatiche > INF/01 INFORMATICA
Area 02 - Scienze fisiche
Uncontrolled Keywords:Policy Protection, Sensitive Policy Enforcement, Encrypted RBAC, Secure Opportunistic Networks, Encrypted CPABE Policies
Funders:Create-Net, Italy
Repository Staff approval on:19 Dec 2013 16:25

Related URLs:

Repository Staff Only: item control page