TU Darmstadt / ULB / TUbiblio

Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains

Sadeghi, Ahmad-Reza ; Winandy, Marcel ; Stüble, Christian ; Husseiki, Rani ; Gasmi, Yacine ; Stewin, Patrick ; Unger, Martin :
Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains.
3rd ACM Workshop on Scalable Trusted Computing
[Konferenz- oder Workshop-Beitrag], (2008)

Kurzbeschreibung (Abstract)

The requirements for secure document workflows in enterprises become increasingly sophisticated, with employees performing different tasks under different roles using the same proprietary platform. Particularly, fine-grained access control to document information is necessary in certain scenarios where the integrity and confidentiality of parts of documents is of high priority. In this paper, we present a secure and flexible Enterprise Rights Management (ERM) system based on a refined version of the Trusted Virtual Domains (TVDs) security model that allows to establish isolated execution environments spanning over virtual entities across separate physical resources. Our security concept achieves a two-layered policy enforcement on documents: a TVD Policy ensuring isolation of the workflow from other tasks on the user platforms, and a role-based document-policy ensuring both confidentiality and integrity of document parts. Moreover, in contrast to existing solutions, our architecture offers advanced features for secure document workflows such as offline access to documents and transparent encryption of documents exchanged via USB, external storage or VPN communication between peer platforms. We also shed the light on key management, document structure and document policy enforcement mechanisms to support the ERM infrastructure. Finally, we prove our concept based on an implementation.

Typ des Eintrags: Konferenz- oder Workshop-Beitrag (Keine Angabe)
Erschienen: 2008
Autor(en): Sadeghi, Ahmad-Reza ; Winandy, Marcel ; Stüble, Christian ; Husseiki, Rani ; Gasmi, Yacine ; Stewin, Patrick ; Unger, Martin
Titel: Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains
Sprache: Deutsch
Kurzbeschreibung (Abstract):

The requirements for secure document workflows in enterprises become increasingly sophisticated, with employees performing different tasks under different roles using the same proprietary platform. Particularly, fine-grained access control to document information is necessary in certain scenarios where the integrity and confidentiality of parts of documents is of high priority. In this paper, we present a secure and flexible Enterprise Rights Management (ERM) system based on a refined version of the Trusted Virtual Domains (TVDs) security model that allows to establish isolated execution environments spanning over virtual entities across separate physical resources. Our security concept achieves a two-layered policy enforcement on documents: a TVD Policy ensuring isolation of the workflow from other tasks on the user platforms, and a role-based document-policy ensuring both confidentiality and integrity of document parts. Moreover, in contrast to existing solutions, our architecture offers advanced features for secure document workflows such as offline access to documents and transparent encryption of documents exchanged via USB, external storage or VPN communication between peer platforms. We also shed the light on key management, document structure and document policy enforcement mechanisms to support the ERM infrastructure. Finally, we prove our concept based on an implementation.

Buchtitel: 3rd ACM Workshop on Scalable Trusted Computing
Freie Schlagworte: Secure Things
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 10 Mär 2016 10:18
ID-Nummer: TUD-CS-2008-11480
Verwandte URLs:
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen