SafeProtect: Controlled Data Sharing With User-Defined Policies in Cloud-Based Collaborative Environment

摘要

There are many cloud-based applications consumed by users, which encourage data sharing with not only peers, but also new friends and collaborators. Data are increasingly being stored outside the confines of the data owner’s machine with little knowledge to the data owner, how and where the data are being stored and used. Hence, there is a strong need for the data owner to have a stronger control over their data, similar to the level of control they possess when the data are stored on their own machine. For instance, when a data owner shares a secret file with a friend, he cannot guarantee what his friend will do with the data. In this paper, we attempt to address this problem by monitoring and preventing unauthorized operations by the data consumer. We present a solution called SafeProtect, which bundles the data owner’s data and policy, based on XACML, in an object. SafeProtect enforces the policies set out by the data owner by communicating with the SaaS applications to disable certain commands and/or run a background process monitor for auditability/accountability purposes. We define a protocol that will enable secure data sharing in the cloud and leverage the use of the trusted extension device for authentication purposes.