<p>In service-oriented
architecture, services can communicate and share data among themselves. This
thesis presents a solution that allows detecting several types of data leakages
made by authorized insiders to unauthorized services. My solution provides
role-based and attribute-based access control for data so that each service can
access only those data subsets for which the service is authorized, considering
a context and service’s attributes such as security level of the web browser
and trust level of service. My approach provides data protection in transit and
at rest for both centralized and peer-to-peer service architectures. The methodology
ensures confidentiality and integrity of data, including data stored in untrusted
cloud. In addition to protecting data against malicious or curious cloud or
database administrators, the capability of running a search through encrypted
data, using SQL queries, and building analytics over encrypted data is
supported. My solution is implemented in the “WAXEDPRUNE” (Web-based Access to
Encrypted Data Processing in Untrusted Environments) project, funded by
Northrop Grumman Cybersecurity Research Consortium. WAXEDPRUNE methodology is
illustrated in this thesis for two use cases, including a Hospital Information
System with secure storage and exchange of Electronic Health Records and a Vehicle-to-Everything
communication system with secure exchange of vehicle’s and drivers’ data, as
well as data on road events and road hazards. </p><p>To help with
investigating data leakage incidents in service-oriented architecture,
integrity of provenance data needs to be guaranteed. For that purpose, I
integrate WAXEDPRUNE with IBM Hyperledger Fabric blockchain network, so that every
data access, transfer or update is recorded in a public blockchain ledger, is
non-repudiatable and can be verified at any time in the future. The work on
this project, called “Blockhub,” is in progress.</p>
Identifer | oai:union.ndltd.org:purdue.edu/oai:figshare.com:article/8024345 |
Date | 15 May 2019 |
Creators | Denis A Ulybyshev (6620474) |
Source Sets | Purdue University |
Detected Language | English |
Type | Text, Thesis |
Rights | CC BY-NC-SA 4.0 |
Relation | https://figshare.com/articles/Data_Protection_in_Transit_and_at_Rest_with_Leakage_Detection/8024345 |
Page generated in 0.0023 seconds