A policy-based containerized filter for secure information sharing in organizational environments

Abstract In organizational environments, sensitive information is unintentionally exposed and sent to the cloud without encryption by insiders that even were previously informed about cloud risks. To mitigate the effects of this information privacy paradox, we propose the design, development and implementation of SecFilter, a security filter that enables organizations to implement security policies for information sharing. SecFilter automatically performs the following tasks: (a) intercepts files before sending them to the cloud; (b) searches for sensitive criteria in the context and content of the intercepted files by using mining techniques; (c) calculates the risk level for each identified criterion; (d) assigns a security level to each file based on the detected risk in its content and context; and (e) encrypts each file by using a multi-level security engine, based on digital envelopes from symmetric encryption, attribute-based encryption and digital signatures to guarantee the security services of confidentiality, integrity and authentication on each file at the same time that access control mechanisms are enforced before sending the secured file versions to cloud storage. A prototype of SecFilter was implemented for a real-world file sharing application that has been deployed on a private cloud. Fine-tuning of SecFilter components is described and a case study has been conducted based on document sharing of a well-known repository (MedLine corpus). The experimental evaluation revealed the feasibility and efficiency of applying a security filter to share information in organizational environments.

[1]  David J. Weir,et al.  Co-occurrence Retrieval: A Flexible Framework for Lexical Distributional Similarity , 2005, CL.

[2]  Michael Juntao Yuan,et al.  A novel clinical decision support algorithm for constructing complete medication histories , 2017, Comput. Methods Programs Biomed..

[3]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[4]  Steven J. Simske,et al.  APEX: automated policy enforcement eXchange , 2010, DocEng '10.

[5]  Robert H. Deng,et al.  Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage , 2014, IEEE Transactions on Parallel and Distributed Systems.

[6]  Changsheng Xu,et al.  Mining Semantic Context Information for Intelligent Video Surveillance of Traffic Scenes , 2013, IEEE Transactions on Industrial Informatics.

[7]  Frederic P. Miller,et al.  Advanced Encryption Standard , 2009 .

[8]  Christoph Meinel,et al.  Redesign cloudRAID for flexible and secure enterprise file sharing over public cloud storage , 2017, SIN.

[9]  Zhang Min,et al.  Study on Cloud Computing Security , 2011 .

[10]  Christopher Joseph Pal,et al.  EmoNets: Multimodal deep learning approaches for emotion recognition in video , 2015, Journal on Multimodal User Interfaces.

[11]  Linpeng Huang,et al.  EDAWS: A distributed framework with efficient data analytics workspace towards discriminative services for critical infrastructures , 2018, Future Gener. Comput. Syst..

[12]  Vladimir A. Oleshchuk,et al.  A Distributed Multi-Authority Attribute Based Encryption Scheme for Secure Sharing of Personal Health Records , 2017, SACMAT.

[13]  Markus Jakobsson,et al.  Controlling data in the cloud: outsourcing computation without outsourcing control , 2009, CCSW '09.

[14]  Murtaza Haider,et al.  Beyond the hype: Big data concepts, methods, and analytics , 2015, Int. J. Inf. Manag..

[15]  Miguel Morales-Sandoval,et al.  Protecting Data in the Cloud: An Assessment of Practical Digital Envelopes from Attribute based Encryption , 2017, DATA.

[16]  Jesús Carretero,et al.  CloudChain: A novel distribution model for digital products based on supply chain principles , 2018, Int. J. Inf. Manag..

[17]  Zellig S. Harris,et al.  Distributional Structure , 1954 .

[18]  Zenghui Wang,et al.  Deep Convolutional Neural Networks for Image Classification: A Comprehensive Review , 2017, Neural Computation.

[19]  Jian Shen,et al.  A secure cloud-assisted urban data sharing framework for ubiquitous-cities , 2017, Pervasive Mob. Comput..

[20]  Burton Rosenberg,et al.  Handbook of Financial Cryptography and Security , 2010 .

[21]  Henning Hermjakob,et al.  Biomedical Informatics on the Cloud: A Treasure Hunt for Advancing Cardiovascular Medicine. , 2018, Circulation research.

[22]  Tom J. Moir,et al.  An overview of applications and advancements in automatic sound recognition , 2016, Neurocomputing.

[23]  Jean-François Boulicaut,et al.  Mining Formal Concepts with a Bounded Number of Exceptions from Transactional Data , 2004, KDID.

[24]  Yao Zheng,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption , 2019, IEEE Transactions on Parallel and Distributed Systems.

[25]  Jesús Carretero,et al.  FedIDS: a federated cloud storage architecture and satellite image delivery service for building dependable geospatial platforms , 2018, Int. J. Digit. Earth.

[26]  Keke Gai,et al.  Spoofing-Jamming Attack Strategy Using Optimal Power Distributions in Wireless Smart Grid Networks , 2017, IEEE Transactions on Smart Grid.

[27]  Robert H. Sloan,et al.  Unauthorized Access - The Crisis in Online Privacy and Security , 2013 .

[28]  Mark Newman,et al.  Detecting community structure in networks , 2004 .

[29]  Miguel Morales-Sandoval,et al.  DET-ABE: A Java API for Data Confidentiality and Fine-Grained Access Control from Attribute Based Encryption , 2015, WISTP.

[30]  Hennie A. Kruger,et al.  Can perceptual differences account for enigmatic information security behaviour in an organisation? , 2016, Comput. Secur..

[31]  José Luis González,et al.  Sacbe: A building block approach for constructing efficient and flexible end-to-end cloud storage , 2018, J. Syst. Softw..

[32]  Kijpokin Kasemsap Mastering Intelligent Decision Support Systems in Enterprise Information Management , 2017 .

[33]  Jesús Carretero,et al.  SkyCDS: A resilient content delivery service based on diversified cloud storage , 2015, Simul. Model. Pract. Theory.

[34]  Kevin Jones,et al.  A review of cyber security risk assessment methods for SCADA systems , 2016, Comput. Secur..

[35]  Antonio F. Gómez-Skarmeta,et al.  Towards an authorisation model for distributed systems based on the Semantic Web , 2010, IET Inf. Secur..

[36]  Matti Hiltunen,et al.  Mining large distributed log data in near real time , 2011, SLAML '11.

[37]  Yuqing Zhang,et al.  Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud , 2013, IEEE Transactions on Parallel and Distributed Systems.

[38]  Gwénolé Quellec,et al.  Deep image mining for diabetic retinopathy screening , 2016, Medical Image Anal..

[39]  Stephen Flowerday,et al.  Information security policy development and implementation: The what, how and who , 2016, Comput. Secur..

[40]  Zbigniew Kotulski,et al.  A new risk-based authentication management model oriented on user's experience , 2018, Comput. Secur..

[41]  Tetsuya Ogata,et al.  Audio-visual speech recognition using deep learning , 2014, Applied Intelligence.

[42]  Spyros Kokolakis,et al.  Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon , 2017, Comput. Secur..

[43]  Yong Tang,et al.  Trusted Data Sharing over Untrusted Cloud Storage Providers , 2010, 2010 IEEE Second International Conference on Cloud Computing Technology and Science.

[44]  Fuchun Guo,et al.  CP-ABE With Constant-Size Keys for Lightweight Devices , 2014, IEEE Transactions on Information Forensics and Security.

[45]  Miguel Morales-Sandoval,et al.  A pairing-based cryptographic approach for data security in the cloud , 2017, International Journal of Information Security.

[46]  Kai Fan,et al.  Secure and private key management scheme in big data networking , 2018, Peer-to-Peer Netw. Appl..

[47]  Peilin Hong,et al.  A Dynamic Secure Group Sharing Framework in Public Cloud Computing , 2014, IEEE Transactions on Cloud Computing.

[48]  Jin Li,et al.  Secure attribute-based data sharing for resource-limited users in cloud computing , 2018, Comput. Secur..

[49]  Arnon Rosenthal,et al.  Methodological Review: Cloud computing: A new business paradigm for biomedical information sharing , 2010 .

[50]  Keke Gai,et al.  Privacy-Preserving Content-Oriented Wireless Communication in Internet-of-Things , 2018, IEEE Internet of Things Journal.

[51]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[52]  Chunghun Lee,et al.  Understanding information security stress: Focusing on the type of information security compliance activity , 2016, Comput. Secur..

[53]  Keke Gai,et al.  Blend Arithmetic Operations on Tensor-Based Fully Homomorphic Encryption Over Real Numbers , 2018, IEEE Transactions on Industrial Informatics.

[54]  Ethan V. Munson,et al.  Maintaining Integrity and Non-Repudiation in Secure Offline Documents , 2017, DocEng.

[55]  Daniel R. Horne,et al.  The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors , 2007 .

[56]  Xiuping Jia,et al.  Effective Sequential Classifier Training for SVM-Based Multitemporal Remote Sensing Image Classification , 2017, IEEE Transactions on Image Processing.