Sadeghi, Ahmad-Reza ; Winandy, Marcel ; Stüble, Christian ; Husseiki, Rani ; Gasmi, Yacine ; Stewin, Patrick ; Unger, Martin (2008)
Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains.
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
The requirements for secure document workflows in enterprises become increasingly sophisticated, with employees performing different tasks under different roles using the same proprietary platform. Particularly, fine-grained access control to document information is necessary in certain scenarios where the integrity and confidentiality of parts of documents is of high priority. In this paper, we present a secure and flexible Enterprise Rights Management (ERM) system based on a refined version of the Trusted Virtual Domains (TVDs) security model that allows to establish isolated execution environments spanning over virtual entities across separate physical resources. Our security concept achieves a two-layered policy enforcement on documents: a TVD Policy ensuring isolation of the workflow from other tasks on the user platforms, and a role-based document-policy ensuring both confidentiality and integrity of document parts. Moreover, in contrast to existing solutions, our architecture offers advanced features for secure document workflows such as offline access to documents and transparent encryption of documents exchanged via USB, external storage or VPN communication between peer platforms. We also shed the light on key management, document structure and document policy enforcement mechanisms to support the ERM infrastructure. Finally, we prove our concept based on an implementation.
Typ des Eintrags: | Konferenzveröffentlichung |
---|---|
Erschienen: | 2008 |
Autor(en): | Sadeghi, Ahmad-Reza ; Winandy, Marcel ; Stüble, Christian ; Husseiki, Rani ; Gasmi, Yacine ; Stewin, Patrick ; Unger, Martin |
Art des Eintrags: | Bibliographie |
Titel: | Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains |
Sprache: | Deutsch |
Publikationsjahr: | Oktober 2008 |
Buchtitel: | 3rd ACM Workshop on Scalable Trusted Computing |
Zugehörige Links: | |
Kurzbeschreibung (Abstract): | The requirements for secure document workflows in enterprises become increasingly sophisticated, with employees performing different tasks under different roles using the same proprietary platform. Particularly, fine-grained access control to document information is necessary in certain scenarios where the integrity and confidentiality of parts of documents is of high priority. In this paper, we present a secure and flexible Enterprise Rights Management (ERM) system based on a refined version of the Trusted Virtual Domains (TVDs) security model that allows to establish isolated execution environments spanning over virtual entities across separate physical resources. Our security concept achieves a two-layered policy enforcement on documents: a TVD Policy ensuring isolation of the workflow from other tasks on the user platforms, and a role-based document-policy ensuring both confidentiality and integrity of document parts. Moreover, in contrast to existing solutions, our architecture offers advanced features for secure document workflows such as offline access to documents and transparent encryption of documents exchanged via USB, external storage or VPN communication between peer platforms. We also shed the light on key management, document structure and document policy enforcement mechanisms to support the ERM infrastructure. Finally, we prove our concept based on an implementation. |
Freie Schlagworte: | Secure Things |
ID-Nummer: | TUD-CS-2008-11480 |
Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Systemsicherheit LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt |
Hinterlegungsdatum: | 10 Mär 2016 10:18 |
Letzte Änderung: | 03 Jun 2018 21:31 |
PPN: | |
Export: | |
Suche nach Titel in: | TUfind oder in Google |
Frage zum Eintrag |
Optionen (nur für Redakteure)
Redaktionelle Details anzeigen |