Self-Protecting Documents for Cloud Storage Security

International audienceInformation security is currently one of the most important issues in information systems. This concerns the confidentiality of information but also its integrity and availability. The problem becomes even more difficult when several companies are working together on a project and that the various documents "go out of" their respective information systems. We propose an architecture in which the documents themselves ensure their security and thus can be exchanged over uncontrolled resources such as cloud storage or even USB flash drives. For this we encapsulate within the document itself some security components (e.g. access control, usage control) to achieve an autonomic document architecture for Enterprise DRM (E-DRM). Using such self-protecting documents, a company can ensure security and privacy for its documents when outsourcing storage services (e.g. cloud)

The Audit Logic: Policy Compliance in Distributed Systems

We present a distributed framework where agents can share data along with usage policies. We use an expressive policy language including conditions, obligations and delegation. Our framework also supports the possibility to refine policies. Policies are not enforced a-priori. Instead policy compliance is checked using an a-posteriri auditing approach. Policy compliance is shown by a (logical) proof that the authority can systematically check for validity. Tools for automatically checking and generating proofs are also part of the framework.\u

iDRM - Interoperability Mechanisms for Open Rights Management Platforms

Today’s technology is raising important challenges in the Intellectual Property (IP) field in general and to Copyright in particular [Arkenbout et al., 2004]. The same technology that has made possible the access to content in a ubiquitous manner, available to everyone in a simple and fast way, is also the main responsible for the challenges affecting the digital content IP of our days [Chiariglione, 2000]. Technological solutions and legal frameworks were created to meet these new challenges. From the technological point of view, Rights Management Systems (RMS) and Copy Protection Systems (CPS) have been developed and deployed to try to cope with them. At first, they seemed to work however, their closed and non-interoperable nature and a growing number of wrong strategic business decisions, soon lead to a strong opposition. One of the strongest negative points is the lack of rights management interoperability [Geer, 2004]. The work presented on this thesis primarily addresses the RMS interoperability problems. The objective of the thesis is to present some possible mechanisms to improve the interoperability between the different existing and emerging rights management platforms [Guth, 2003a]. Several different possible directions to rights management interoperability are pointed in this thesis. One of the most important is openness. Interoperability between different rights management mechanisms can only be achieved if they are open up to a certain level. Based on this concept, an open rights management platform is designed and presented in this thesis. Also, some of the interoperability mechanisms are presented and explained. This platform makes usage of the emerging service-oriented architectures to provide a set of distributed rights management services. Rights management solutions rely heavily on the establishment of authenticated and trust environments between its different elements. While considering different RMS, the establishment of such trust environments can be somehow complex. This thesis provides a contribution to the establishment of interoperable RMS trust environments through the usage of Public-Key Infrastructure (PKI) mechanisms. Modern rights management systems have to handle with both keying material and licenses which are used mostly to define how content is governed by the system. Managing this is a complex and hard task when different rights management solutions are considered. This thesis presents and describes a generic model to handle the key and license management life cycle, that can be used to establish a global interoperable management solution between different RMS

Property as the Law of Virtual Things

Property law in the twentieth century moved from the law of things to the law of rights in things. This was a process of fragmentation: Under Hohfeldian property, we conceive of property as a bundle of sticks, and those sticks can be moved to different holders; the right to possess can be separated from the record ownership right, for example. The downside of Hohfeld\u27s model is that physical objects—things—become informationally complicated. Thing-ness constrains the extravagances of Hohfeldian property: although we can split off the right to possess from the right to exclude, use, destroy, copy, manage, repair, and so on, there is a gravitational pull to tie these sticks back into a useful bundle centered on the asset, the thing. Correspondingly, there has been an “informational turn” to property law, looking at the ways in which property law serves to limit property forms to reduce search costs, and to identify and celebrate the informational characteristics of thing-ness. The question of thing-ness came to a head in the context of digital and smart assets with the formation of non-fungible tokens. NFTs were attempts to generate and sell “things,” a conceptually coherent something that can contain a loose bundle of rights. The project was an attempt to re-create thing-ness by an amalgam of cryptography, game theory, and intellectual property. This essay discusses thing-ness in the context of digital assets, how simulated thing-ness differs from physical thing-ness, and the problems that arise from attempts to reify digital assets

Data-centric security : towards a utopian model for protecting corporate data on mobile devices

Data-centric security is significant in understanding, assessing and mitigating the various risks and impacts of sharing information outside corporate boundaries. Information generally leaves corporate boundaries through mobile devices. Mobile devices continue to evolve as multi-functional tools for everyday life, surpassing their initial intended use. This added capability and increasingly extensive use of mobile devices does not come without a degree of risk - hence the need to guard and protect information as it exists beyond the corporate boundaries and throughout its lifecycle. Literature on existing models crafted to protect data, rather than infrastructure in which the data resides, is reviewed. Technologies that organisations have implemented to adopt the data-centric model are studied. A utopian model that takes into account the shortcomings of existing technologies and deficiencies of common theories is proposed. Two sets of qualitative studies are reported; the first is a preliminary online survey to assess the ubiquity of mobile devices and extent of technology adoption towards implementation of data-centric model; and the second comprises of a focus survey and expert interviews pertaining on technologies that organisations have implemented to adopt the data-centric model. The latter study revealed insufficient data at the time of writing for the results to be statistically significant; however; indicative trends supported the assertions documented in the literature review. The question that this research answers is whether or not current technology implementations designed to mitigate risks from mobile devices, actually address business requirements. This research question, answered through these two sets qualitative studies, discovered inconsistencies between the technology implementations and business requirements. The thesis concludes by proposing a realistic model, based on the outcome of the qualitative study, which bridges the gap between the technology implementations and business requirements. Future work which could perhaps be conducted in light of the findings and the comments from this research is also considered

Cyber Security

This open access book constitutes the refereed proceedings of the 18th China Annual Conference on Cyber Security, CNCERT 2022, held in Beijing, China, in August 2022. The 17 papers presented were carefully reviewed and selected from 64 submissions. The papers are organized according to the following topical sections: ​​data security; anomaly detection; cryptocurrency; information security; vulnerabilities; mobile internet; threat intelligence; text recognition

Building information modeling – A game changer for interoperability and a chance for digital preservation of architectural data?

Digital data associated with the architectural design-andconstruction process is an essential resource alongside -and even past- the lifecycle of the construction object it describes. Despite this, digital architectural data remains to be largely neglected in digital preservation research – and vice versa, digital preservation is so far neglected in the design-and-construction process. In the last 5 years, Building Information Modeling (BIM) has seen a growing adoption in the architecture and construction domains, marking a large step towards much needed interoperability. The open standard IFC (Industry Foundation Classes) is one way in which data is exchanged in BIM processes. This paper presents a first digital preservation based look at BIM processes, highlighting the history and adoption of the methods as well as the open file format standard IFC (Industry Foundation Classes) as one way to store and preserve BIM data

System architecture, content authentication and digital right management (DRM) for eLearning

This thesis provides a frame for Personal eLearning System (PELS) with content security, authentication and Digital Right Management. It presents an efficient algorithm for eLearning problem-solution using graph partitioning and weighted bipartite graph. The research provides an eLearning Analytics Ecosystem using statistical methods for validation of Quality of Results (QoR).<br /