Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains

Sadeghi, Ahmad-Reza ; Winandy, Marcel ; Stüble, Christian ; Husseiki, Rani ; Gasmi, Yacine ; Stewin, Patrick ; Unger, Martin (2008)
Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains.
Conference publication, Bibliography

Abstract

The requirements for secure document workflows in enterprises become increasingly sophisticated, with employees performing different tasks under different roles using the same proprietary platform. Particularly, fine-grained access control to document information is necessary in certain scenarios where the integrity and confidentiality of parts of documents are of high priority. In this paper, we present a secure and flexible Enterprise Rights Management (ERM) system based on a refined version of the Trusted Virtual Domains (TVDs) security model that allows establishing isolated execution environments spanning over virtual entities across separate physical resources. Our security concept achieves a two-layered policy enforcement on documents: a TVD Policy ensuring isolation of the workflow from other tasks on the user platforms, and a role-based document-policy ensuring both confidentiality and integrity of document parts. Moreover, in contrast to existing solutions, our architecture offers advanced features for secure document workflows such as offline access to documents and transparent encryption of documents exchanged via USB, external storage or VPN communication between peer platforms. We also shed light on key management, document structure and document policy enforcement mechanisms to support the ERM infrastructure. Finally, we prove our concept based on an implementation.

Item type: Conference publication
Published: 2008
Author(s): Sadeghi, Ahmad-Reza ; Winandy, Marcel ; Stüble, Christian ; Husseiki, Rani ; Gasmi, Yacine ; Stewin, Patrick ; Unger, Martin
Entry type: Bibliography
Title: Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains
Language: German
Publication year: October 2008
Book title: 3rd ACM Workshop on Scalable Trusted Computing
Uncontrolled keywords: Secure Things
ID number: TUD-CS-2008-11480
Department(s)/division(s): 20 Department of Computer Science
20 Department of Computer Science > System Security
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Date deposited: 10 Mar 2016 10:18
Last modified: 03 Jun 2018 21:31