On Supporting Secure Information Distribution in Heterogeneous Systems Using Standard Technologies

This paper presents an integrated security architecture for heterogeneous distributed systems. Built on the MPEG-21 standard data structures and the MPEG-M standard services, the proposed architecture provides a unified, fine-grained solution for protecting each information unit that circulates in the system. In this context, a novel scheme is introduced for translating access control rules, initially expressed in the standard MPEG-21 Rights Expression Language (REL), into Ciphertext-Policy Attribute-Based Encryption (CP-ABE) access trees. This enables offline authorization based on the users' attributes, which are themselves encapsulated and certified using MPEG-21 licenses, so that no online policy decision point needs to be consulted at access time. The proposed framework covers every step of the information protection process in detail, from attribute acquisition to data encryption and decryption.
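The core data structure behind the REL-to-CP-ABE translation is the threshold access tree of Bethencourt, Sahai and Waters: leaves are attributes, interior nodes are k-of-n gates (n-of-n is AND, 1-of-n is OR), and a private key whose attribute set satisfies the tree can decrypt. The following Python is an added example, not the paper's translation scheme or any MPEG-21/MPEG-M library code: it builds such a tree from a constructed nested-list rule (a stand-in for a parsed REL condition, whose real form is XML) and runs the satisfaction check that CP-ABE decryption performs implicitly. The policy, attribute names and attribute sets are all constructed for illustration.

```python
"""Threshold access trees (the CP-ABE policy model) with a satisfaction check.

Added example. The nested-list rule grammar below is a constructed stand-in
for an MPEG-21 REL rule; a real licence would be parsed from XML first.
"""
from dataclasses import dataclass
from typing import FrozenSet, Tuple, Union


@dataclass(frozen=True)
class Leaf:
    """An attribute the key holder must possess, e.g. 'role:physician'."""
    attribute: str


@dataclass(frozen=True)
class Gate:
    """A k-of-n threshold gate; k == n is AND, k == 1 is OR."""
    threshold: int
    children: Tuple["Node", ...]


Node = Union[Leaf, Gate]


def build_tree(rule) -> Node:
    """Translate a nested-list rule into a CP-ABE access tree.

    Rule grammar (constructed for this example, not MPEG-21 REL):
      "attr"                     -> leaf
      ["AND", r1, r2, ...]       -> n-of-n gate
      ["OR",  r1, r2, ...]       -> 1-of-n gate
      [("OF", k), r1, r2, ...]   -> k-of-n gate
    """
    if isinstance(rule, str):
        return Leaf(rule)
    op, *operands = rule
    if not operands:
        raise ValueError("a gate needs at least one operand")
    children = tuple(build_tree(r) for r in operands)
    if op == "AND":
        k = len(children)
    elif op == "OR":
        k = 1
    elif isinstance(op, tuple) and len(op) == 2 and op[0] == "OF":
        k = op[1]
    else:
        raise ValueError(f"unknown operator {op!r}")
    if not 1 <= k <= len(children):
        raise ValueError(f"threshold {k} out of range for {len(children)} children")
    return Gate(k, children)


def satisfies(node: Node, attrs: FrozenSet[str]) -> bool:
    """True iff the attribute set satisfies the tree.

    This is the decision CP-ABE enforces cryptographically: decryption with a
    key issued for `attrs` succeeds exactly when this returns True. Collusion
    resistance (two keys cannot pool their attributes) is a property of the
    cryptographic construction, not of this plain set check.
    """
    if isinstance(node, Leaf):
        return node.attribute in attrs
    hits = sum(1 for child in node.children if satisfies(child, attrs))
    return hits >= node.threshold


def to_string(node: Node) -> str:
    """Render a tree as 'kof(...)' for inspection."""
    if isinstance(node, Leaf):
        return node.attribute
    return f"{node.threshold}of({', '.join(to_string(c) for c in node.children)})"


# Constructed policy for one information unit (a health record):
# the record owner, OR a physician in cardiology or emergency,
# OR a nurse holding at least two of {nurse role, ward C3, on duty}.
RECORD_POLICY = [
    "OR",
    "subject:record-owner",
    ["AND", "role:physician", ["OR", "dept:cardiology", "dept:emergency"]],
    [("OF", 2), "role:nurse", "ward:C3", "shift:on-duty"],
]


def can_decrypt(rule, attrs) -> bool:
    """Offline authorization: evaluate a rule against a certified attribute set."""
    return satisfies(build_tree(rule), frozenset(attrs))


if __name__ == "__main__":
    print(to_string(build_tree(RECORD_POLICY)))
    for who, attrs in {
        "cardiologist": {"role:physician", "dept:cardiology"},
        "radiologist": {"role:physician", "dept:radiology"},
        "ward nurse on duty": {"role:nurse", "ward:C3", "shift:on-duty"},
        "nurse, off ward, off duty": {"role:nurse"},
    }.items():
        print(f"{who:28s} -> {can_decrypt(RECORD_POLICY, attrs)}")
```

Note the 2-of-3 gate in the constructed policy: an on-duty nurse from a different ward also satisfies it, which is easy to miss when a threshold gate is written as shorthand for several AND/OR combinations. Reviewing the rendered tree with `to_string` before encrypting is a cheap way to catch that, since once a ciphertext is produced under a tree there is no online policy point left to tighten the rule for that ciphertext.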
