A Rule-Based, Decentralized Approach to Secure Information Sharing
Master's === National Chiao Tung University === Department of Computer and Information Science === 93 === As the Internet becomes a ubiquitous environment where people with different backgrounds and purposes can share their information, information security and privacy have become an increasingly critical issue. With poor protection, information systems may leak sensi...
Main Author: | 徐嘉宏 |
---|---|
Other Authors: | 陳俊穎 |
Format: | Others |
Language: | en_US |
Published: | 2005 |
Online Access: | http://ndltd.ncl.edu.tw/handle/94602722288070175936 |
id |
ndltd-TW-093NCTU5394111 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-093NCTU5394111 2016-06-06T04:10:54Z http://ndltd.ncl.edu.tw/handle/94602722288070175936 A Rule-Based, Decentralized Approach to Secure Information Sharing 一個以規則為基礎之非集中式資料共享安全機制 徐嘉宏 碩士 國立交通大學 資訊科學系所 93 陳俊穎 2005 學位論文 ; thesis 52 en_US |
collection |
NDLTD |
language |
en_US |
format |
Others |
sources |
NDLTD |
description |
Master's === National Chiao Tung University === Department of Computer and Information Science === 93 === As the Internet becomes a ubiquitous environment where people with different backgrounds and purposes can share their information, information security and privacy have become an increasingly critical issue. With poor protection, information systems may leak sensitive information to the open public. To reduce such risks, there have been many security mechanisms and technologies proposed and developed. Most of these approaches rely on a mixture of label-based access control and information flow mechanisms. Specifically, they enforce various security policies by attaching suitable labels to information as well as users and grant data access based on these labels. However, many labeling approaches often require complicated managerial efforts in order to set up and enforce security policies correctly. In addition, they focus primarily on labeling data without paying too much attention to sharing tools that process these data. As a result, whether a given tool can access a piece of data depends on who is invoking the tool, making correct security management more challenging. In this thesis, we propose an information sharing model that permits controlling information flow in a flexible, decentralized manner, where each user can specify his/her own access hierarchy instead of relying on centralized security management. Based on the access hierarchy, each user can label both data and tools in a consistent manner, and can realize data declassification by restricting or relaxing the access level of individual tools. Finally, to reduce the overhead associated with individual data labeling, we introduce a rule-based labeling mechanism to associate data with their access levels correspondingly. In summary, we believe our model is a unification of and improvement over existing access control mechanisms, and can contribute to secure information sharing over the Internet.
|
author2 |
陳俊穎 |
author_facet |
陳俊穎 徐嘉宏 |
author |
徐嘉宏 |
title |
A Rule-Based, Decentralized Approach to Secure Information Sharing |
publishDate |
2005 |
url |
http://ndltd.ncl.edu.tw/handle/94602722288070175936 |