PAES: Policy-Based Authority Evaluation Scheme
نویسندگان
چکیده
Enterprise Rights Management (ERM) systems aim to protect disseminated data even after it has been sent to remote locations. Existing systems are based on common components, have similar functionalities and often have two shortcomings: a centralised architecture and a lack of concern for the trust and privacy of data recipients. To access the data, recipients must present their credentials to a policy evaluation authority, which they cannot choose and may not trust. Furthermore, recipients may be unable to access the data if their connection is intermittent or if they are off-line. To address these limitations, we propose PAES: a Policy-based Authority Evaluation Scheme, which combines data protection with a distributed policy evaluation protocol. The result allows us to implement the sticky policies paradigm in combination with trust management techniques. This permits distributing policy evaluation over a flexible set of authorities, simultaneously increasing the resilience of policy enforcement.
منابع مشابه
User Revocation Based Anonymous Access Provision for Efficient Cloud User Privacy
Cloud computing is a recent technology provides a flexible, on-demand and low cost feature of computing resources. The Main issue in Cloud Computing is user identity privacy and data content privacy. The User Privacy in Cloud Computing is achieved by various data access control Schemes. Existing Fully Anonymous Access control scheme with decentralized attribute authority provides data content p...
متن کاملHIR-CP-ABE: Hierarchical Identity Revocable Ciphertext-Policy Attribute-Based Encryption for Secure and Flexible Data Sharing
Ciphertext Policy Attribute-Based Encryption (CPABE) has been proposed to implement the attribute-based access control model. In CP-ABE, data owners encrypt the data with a certain access policy such that only data users whose attributes satisfy the access policy could obtain the corresponding private decryption key from a trusted authority. Therefore, CP-ABE is considered as a promising fine-g...
متن کاملAn Expressive Decentralizing KP-ABE Scheme with Constant-Size Ciphertext
Decentralizing attribute based encryption is a variant of multi-authority attribute based encryption which doesn’t require a trusted central authority to conduct the system setup. In this paper, we propose an expressive decentralizing KP-ABE scheme with constant ciphertext size. In our construction, the access policy can be expressed as any non-monotone access structure. Meanwhile, the cipherte...
متن کاملA Lterature Survey on Revocable Multiauthority Cipher Text-policy Attribute-based Encryption (cp-abe) Scheme for Cloud Storage
In a Cloud Computing the data security achieved by Data Access Control Scheme. Cipher text-Policy Attribute-based Encryption (CP-ABE) is considered as one of the most suitable scheme for data access control in cloud storage. This scheme provides data owners more direct control on access policies. However, CP-ABE schemes to data access control for cloud storage systems are difficult because of t...
متن کاملDecentralizing Policy-Hiding Attribute-Based Encryption
Attribute-based encryption (ABE) enables limiting access to encrypted data to users who possess certain attributes. Different aspects of ABE have been studied, such as the multi-authority setting (MA-ABE), and policy hiding, meaning the access policy is unknown to unauthorized parties, as in predicate encryption (PE). However, no practical scheme so far provided both properties, which are often...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009