TU Darmstadt / ULB / TUbiblio

Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains

Sadeghi, Ahmad-Reza and Winandy, Marcel and Stüble, Christian and Husseiki, Rani and Gasmi, Yacine and Stewin, Patrick and Unger, Martin (2008):
Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains.
In: 3rd ACM Workshop on Scalable Trusted Computing, [Conference or Workshop Item]

Abstract

The requirements for secure document workflows in enterprises become increasingly sophisticated, with employees performing different tasks under different roles using the same proprietary platform. Particularly, fine-grained access control to document information is necessary in certain scenarios where the integrity and confidentiality of parts of documents is of high priority. In this paper, we present a secure and flexible Enterprise Rights Management (ERM) system based on a refined version of the Trusted Virtual Domains (TVDs) security model that allows to establish isolated execution environments spanning over virtual entities across separate physical resources. Our security concept achieves a two-layered policy enforcement on documents: a TVD Policy ensuring isolation of the workflow from other tasks on the user platforms, and a role-based document-policy ensuring both confidentiality and integrity of document parts. Moreover, in contrast to existing solutions, our architecture offers advanced features for secure document workflows such as offline access to documents and transparent encryption of documents exchanged via USB, external storage or VPN communication between peer platforms. We also shed the light on key management, document structure and document policy enforcement mechanisms to support the ERM infrastructure. Finally, we prove our concept based on an implementation.

Item Type: Conference or Workshop Item
Erschienen: 2008
Creators: Sadeghi, Ahmad-Reza and Winandy, Marcel and Stüble, Christian and Husseiki, Rani and Gasmi, Yacine and Stewin, Patrick and Unger, Martin
Title: Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains
Language: German
Abstract:

The requirements for secure document workflows in enterprises become increasingly sophisticated, with employees performing different tasks under different roles using the same proprietary platform. Particularly, fine-grained access control to document information is necessary in certain scenarios where the integrity and confidentiality of parts of documents is of high priority. In this paper, we present a secure and flexible Enterprise Rights Management (ERM) system based on a refined version of the Trusted Virtual Domains (TVDs) security model that allows to establish isolated execution environments spanning over virtual entities across separate physical resources. Our security concept achieves a two-layered policy enforcement on documents: a TVD Policy ensuring isolation of the workflow from other tasks on the user platforms, and a role-based document-policy ensuring both confidentiality and integrity of document parts. Moreover, in contrast to existing solutions, our architecture offers advanced features for secure document workflows such as offline access to documents and transparent encryption of documents exchanged via USB, external storage or VPN communication between peer platforms. We also shed the light on key management, document structure and document policy enforcement mechanisms to support the ERM infrastructure. Finally, we prove our concept based on an implementation.

Title of Book: 3rd ACM Workshop on Scalable Trusted Computing
Uncontrolled Keywords: Secure Things
Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Date Deposited: 10 Mar 2016 10:18
Identification Number: TUD-CS-2008-11480
Related URLs:
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item