UCT CS Research Document Archive

On Monitoring Information Flow of Outsourced Data

Kayem, Anne V. D. M. (2010) On Monitoring Information Flow of Outsourced Data. In Proceedings 9th Conference on Information Security South Africa (ISSA 2010), Sandton, Johanesburg, South Africa.

Full text available as:

Abstract

Data outsourcing is an Internet-based paradigm that allows organizations to share data cost-effectively by transferring data to a third-party service provider for management. Enforcing outsourced data privacy in untrustworthy environments is challenging because the data needs to be kept secret both from unauthorized users and the service provider (SP). Existing approaches propose that the data owner(s) encrypt the data before it is transferred to the service provider to preserve confidentiality. Access is only granted to a user initiated program if the key presented can decrypt the data into a readable format. Therefore the data owner can control access to the data without having to worry about the management costs. However, this approach fails to monitor the data once it has been retrieved from the SP’s end. So, a user can retrieve information from the SP’s end and share it with unauthorized users or even the SP. We propose a conceptual framework, based on the concept of dependence graphs, for monitoring data exchanges between programs in order to prevent unauthorized access. The framework has a distributed architecture which is suitable for data outsourcing environments and the web in general. Each data object contains a cryptographic tag (like an invisible digital watermark) that is computed by using a cryptographic hash function to combine the checksum of the data and the encryption key. In order to execute an operation with a data object the key presented for decryption must match the one associated with the user’s role and generate a cryptographic tag that matches the one embedded into the data. Tracing data exchanges, in this way, can leverage data privacy for organizations that transfer data management to third party service providers.

EPrint Type:Conference Paper
Keywords:Information flow control, Outsourced data, cryptographic access control
Subjects:H Information Systems: H.3 INFORMATION STORAGE AND RETRIEVAL
E Data: E.3 DATA ENCRYPTION
ID Code:644
Deposited By:Kayem, AVDM
Deposited On:01 December 2010
Alternative Locations:http://people.cs.uct.ac.za/~akayem/Publications.html, http://ieeexplore.ieee.org/search/searchresult.jsp?newsearch=true&queryText=On+Monitoring+Information+flow+of+Outsourced+Data&tag=1