Secure Compartmented Data Access over an Untrusted Network using a COTS-based Architecture
نویسندگان
چکیده
In this paper, we present an approach to secure compartmented data access over an untrusted network using a secure network computing architecture. We describe the architecture and show how application-level firewalls and other commercial-off-the-shelf (COTS) products may be used to implement compartmentalized access to sensitive information and to provide access control over an untrusted network and in a variety of environments. Security-related issues and assumptions are discussed. We compare our architecture to other models of controlling access to sensitive data and draw conclusions about the requirements for high-security solutions for electronic business as well as DoD applications.
منابع مشابه
Performance Study of Untrusted Relay Network Utilizing Cooperative Jammer
Abstract—In this paper, the problem of secure transmission in two-hop amplify-and-forward (AF) systems with an untrusted relay is investigated. To prevent the untrusted relay from intercepting the source message and to achieve positive secrecy rate, the destination-based cooperative jamming (DBCJ) technique is used. In this method the destination sends an intended jamming signal to the relay. T...
متن کاملEnforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کاملPrivacy Protection for Mobile Cloud Data: A Network Coding Approach
Taking into account of both the huge computing power of intruders and the untrustedness of cloud servers, we develop an enhanced secure pseudonym scheme to protect the privacy of mobile cloud data. To face the huge computing power challenge, we develop an unconditionally secure light-weight network coding pseudonym scheme. For the privacy issue of untrusted cloud server, we further design a two...
متن کاملAn Approach for Cross-Domain Intrusion Detection
Network-based monitoring and intrusion detection has grown into an essential component of enterprise security management. Monitoring potentially malicious activities across a set of networks classified at different security levels, however, presents subtle and complicated challenges. Analysis of intrusion alerts collected on an individual network only reveals malicious attempts to compromise th...
متن کاملAttribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
متن کامل