Spelling suggestions: "subject:"cynamic data haring"" "subject:"cynamic data charing""
1 |
Adaptive Cryptographic Access Control for Dynamic Data Sharing EnvironmentsKayem, ANNE 21 October 2008 (has links)
Distributed systems, characterized by their ability to ensure the execution of multiple
transactions across a myriad of applications, constitute a prime platform for
building Web applications. However, Web application interactions raise issues pertaining to security and performance that make manual security management both
time-consuming and challenging. This thesis is a testimony to the security and performance enhancements afforded by using the autonomic computing paradigm to design an adaptive cryptographic access control framework for dynamic data sharing environments. One of the methods of enforcing cryptographic access control in these environments is to classify users into one of several groups interconnected in the form of a partially ordered set. Each group is assigned a single cryptographic key that is used for encryption/decryption. Access to data is granted only if a user holds the "correct" key, or can derive the required key from the one in their possession. This approach to access control is a good example of one that provides good security but has the drawback of reacting to changes in group membership by replacing keys, and re-encrypting the associated data, throughout the entire hierarchy. Data re-encryption is time-consuming, so, rekeying creates delays that impede performance. In order to support our argument in favor of adaptive security, we begin by presenting two cryptographic key management (CKM) schemes in which key updates
affect only the class concerned or those in its sub-poset. These extensions enhance
performance, but handling scenarios that require adaptability remain a challenge.
Our framework addresses this issue by allowing the CKM scheme to monitor the rate
at which key updates occur and to adjust resource (keys and encrypted data versions) allocations to handle future changes by anticipation rather than on demand. Therefore, in comparison to quasi-static approaches, the adaptive CKM scheme minimizes the long-term cost of key updates. Finally, since self-protecting CKM requires a lesser degree of physical intervention by a human security administrator, we consider the case of "collusion attacks" and propose two algorithms to detect as well as prevent
such attacks. A complexity and security analysis show the theoretical improvements
our schemes offer. Each algorithm presented is supported by a proof of concept
implementation, and experimental results to show the performance improvements. / Thesis (Ph.D, Computing) -- Queen's University, 2008-10-16 16:19:46.617
|
Page generated in 0.0811 seconds