移动PAES:危机管理情境下政策评估的权力下放示范

2010 IEEE International Symposium on Policies for Distributed Systems and Networks Pub Date : 2010-07-21 DOI:10.1109/POLICY.2010.21

E. Scalavino, V. Gowadia, Rudi Ball, Emil C. Lupu, G. Russello

{"title":"移动PAES:危机管理情境下政策评估的权力下放示范","authors":"E. Scalavino, V. Gowadia, Rudi Ball, Emil C. Lupu, G. Russello","doi":"10.1109/POLICY.2010.21","DOIUrl":null,"url":null,"abstract":"Traditional data protection schemes deployed in Enterprise Rights Management systems rely on centralised infrastructures where recipients must request authorisation for data access from remote evaluation authorities, trusted by the data originator to keep the data decryption keys and evaluate authorisation policies. During emergency situations when network connection is intermittent these solutions are no longer viable. This demonstration presents a implementation of the hierarchical Policy-based Authority Evaluation Protocol (PAES) that allows the devolution of authority over policy evaluations in a disconnected crisis area. The demonstration simulates the movements of rescuers in the area and the creation of opportunistic connections when they meet. These connections are then used for cross-evaluation of authority and distribution of cryptographic keys in addition to transmitting the data. PAES guarantees a correct policy evaluation at each encounter, so only authorised rescuers finally obtain the authority to access the disseminated data.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"67 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Mobile PAES: Demonstrating Authority Devolution for Policy Evaluation in Crisis Management Scenarios\",\"authors\":\"E. Scalavino, V. Gowadia, Rudi Ball, Emil C. Lupu, G. Russello\",\"doi\":\"10.1109/POLICY.2010.21\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Traditional data protection schemes deployed in Enterprise Rights Management systems rely on centralised infrastructures where recipients must request authorisation for data access from remote evaluation authorities, trusted by the data originator to keep the data decryption keys and evaluate authorisation policies. During emergency situations when network connection is intermittent these solutions are no longer viable. This demonstration presents a implementation of the hierarchical Policy-based Authority Evaluation Protocol (PAES) that allows the devolution of authority over policy evaluations in a disconnected crisis area. The demonstration simulates the movements of rescuers in the area and the creation of opportunistic connections when they meet. These connections are then used for cross-evaluation of authority and distribution of cryptographic keys in addition to transmitting the data. PAES guarantees a correct policy evaluation at each encounter, so only authorised rescuers finally obtain the authority to access the disseminated data.\",\"PeriodicalId\":143330,\"journal\":{\"name\":\"2010 IEEE International Symposium on Policies for Distributed Systems and Networks\",\"volume\":\"67 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-07-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 IEEE International Symposium on Policies for Distributed Systems and Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/POLICY.2010.21\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/POLICY.2010.21","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

企业权限管理系统中部署的传统数据保护方案依赖于集中式基础设施，其中接收者必须向远程评估机构请求访问数据的授权，这些机构受到数据发起者的信任，可以保留数据解密密钥并评估授权策略。在网络连接断断续续的紧急情况下，这些解决方案不再可行。此演示展示了分层的基于策略的权限评估协议(PAES)的实现，该协议允许在断开连接的危机区域中将权限下放到策略评估上。该演示模拟了救援人员在该地区的行动，以及他们相遇时创造的机会性联系。除了传输数据之外，这些连接还用于权限的交叉评估和加密密钥的分发。PAES保证在每次遭遇时都有正确的政策评估，因此只有获得授权的救援人员才能最终获得访问传播数据的权限。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Mobile PAES: Demonstrating Authority Devolution for Policy Evaluation in Crisis Management Scenarios

Traditional data protection schemes deployed in Enterprise Rights Management systems rely on centralised infrastructures where recipients must request authorisation for data access from remote evaluation authorities, trusted by the data originator to keep the data decryption keys and evaluate authorisation policies. During emergency situations when network connection is intermittent these solutions are no longer viable. This demonstration presents a implementation of the hierarchical Policy-based Authority Evaluation Protocol (PAES) that allows the devolution of authority over policy evaluations in a disconnected crisis area. The demonstration simulates the movements of rescuers in the area and the creation of opportunistic connections when they meet. These connections are then used for cross-evaluation of authority and distribution of cryptographic keys in addition to transmitting the data. PAES guarantees a correct policy evaluation at each encounter, so only authorised rescuers finally obtain the authority to access the disseminated data.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 IEEE International Symposium on Policies for Distributed Systems and Networks

自引率

0.00%

发文量