ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments

2011 Sixth International Conference on Availability, Reliability and Security Pub Date : 2011-08-22 DOI:10.1109/ARES.2011.23

M. R. Asghar, Mihaela Ion, G. Russello, B. Crispo

{"title":"ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments","authors":"M. R. Asghar, Mihaela Ion, G. Russello, B. Crispo","doi":"10.1109/ARES.2011.23","DOIUrl":null,"url":null,"abstract":"The enforcement of security policies in outsourced environments is still an open challenge for policy-based systems. On the one hand, taking the appropriate security decision requires access to the policies. However, if such access is allowed in an untrusted environment then confidential information might be leaked by the policies. Current solutions are based on cryptographic operations that embed security policies with the security mechanism. Therefore, the enforcement of such policies is performed by allowing the authorised parties to access the appropriate keys. We believe that such solutions are far too rigid because they strictly intertwine authorisation policies with the enforcing mechanism. In this paper, we want to address the issue of enforcing security policies in an untrusted environment while protecting the policy confidentiality. Our solution ESPOON is aiming at providing a clear separation between security policies and the enforcement mechanism. However, the enforcement mechanism should learn as less as possible about both the policies and the requester attributes.","PeriodicalId":254443,"journal":{"name":"2011 Sixth International Conference on Availability, Reliability and Security","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Sixth International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2011.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 26

Abstract

The enforcement of security policies in outsourced environments is still an open challenge for policy-based systems. On the one hand, taking the appropriate security decision requires access to the policies. However, if such access is allowed in an untrusted environment then confidential information might be leaked by the policies. Current solutions are based on cryptographic operations that embed security policies with the security mechanism. Therefore, the enforcement of such policies is performed by allowing the authorised parties to access the appropriate keys. We believe that such solutions are far too rigid because they strictly intertwine authorisation policies with the enforcing mechanism. In this paper, we want to address the issue of enforcing security policies in an untrusted environment while protecting the policy confidentiality. Our solution ESPOON is aiming at providing a clear separation between security policies and the enforcement mechanism. However, the enforcement mechanism should learn as less as possible about both the policies and the requester attributes.

查看原文本刊更多论文

ESPOON:在外包环境中实施加密的安全策略

在外包环境中实施安全策略对于基于策略的系统来说仍然是一个公开的挑战。一方面，采取适当的安全决策需要访问策略。但是，如果在不受信任的环境中允许这样的访问，那么机密信息可能会被策略泄露。当前的解决方案基于将安全策略嵌入安全机制的加密操作。因此，通过允许授权方访问适当的密钥来执行此类策略。我们认为，这种解决方案过于僵化，因为它们将授权政策与执行机制严格地纠缠在一起。在本文中，我们希望解决在不受信任的环境中执行安全策略的问题，同时保护策略的机密性。我们的解决方案ESPOON旨在提供安全策略和执行机制之间的明确分离。但是，强制执行机制应该尽可能少地了解策略和请求者属性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 Sixth International Conference on Availability, Reliability and Security

自引率

0.00%

发文量