Distributed systems, characterized by their ability to ensure the execution of multiple
transactions across a myriad of applications, constitute a prime platform for
building Web applications. However, Web application interactions raise issues pertaining to security and performance that make manual security management both
time-consuming and challenging. This thesis is a testimony to the security and performance enhancements afforded by using the autonomic computing paradigm to design an adaptive cryptographic access control framework for dynamic data sharing environments. One of the methods of enforcing cryptographic access control in these environments is to classify users into one of several groups interconnected in the form of a partially ordered set. Each group is assigned a single cryptographic key that is used for encryption/decryption. Access to data is granted only if a user holds the "correct" key, or can derive the required key from the one in their possession. This approach to access control is a good example of one that provides good security but has the drawback of reacting to changes in group membership by replacing keys, and re-encrypting the associated data, throughout the entire hierarchy. Data re-encryption is time-consuming, so, rekeying creates delays that impede performance. In order to support our argument in favor of adaptive security, we begin by presenting two cryptographic key management (CKM) schemes in which key updates
affect only the class concerned or those in its sub-poset. These extensions enhance
performance, but handling scenarios that require adaptability remain a challenge.
Our framework addresses this issue by allowing the CKM scheme to monitor the rate
at which key updates occur and to adjust resource (keys and encrypted data versions) allocations to handle future changes by anticipation rather than on demand. Therefore, in comparison to quasi-static approaches, the adaptive CKM scheme minimizes the long-term cost of key updates. Finally, since self-protecting CKM requires a lesser degree of physical intervention by a human security administrator, we consider the case of "collusion attacks" and propose two algorithms to detect as well as prevent
such attacks. A complexity and security analysis show the theoretical improvements
our schemes offer. Each algorithm presented is supported by a proof of concept
implementation, and experimental results to show the performance improvements. / Thesis (Ph.D, Computing) -- Queen's University, 2008-10-16 16:19:46.617
| Identifer | oai:union.ndltd.org:LACETR/oai:collectionscanada.gc.ca:OKQ.1974/1557 |
| Date | 21 October 2008 |
| Creators | Kayem, ANNE |
| Contributors | Queen's University (Kingston, Ont.). Theses (Queen's University (Kingston, Ont.)) |
| Source Sets | Library and Archives Canada ETDs Repository / Centre d'archives des thèses électroniques de Bibliothèque et Archives Canada |
| Language | English, English |
| Detected Language | English |
| Type | Thesis |
| Format | 3004175 bytes, application/pdf |
| Rights | This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner. |
| Relation | Canadian theses |
Page generated in 0.0024 seconds