Adaptive Cryptographic Access Control for Dynamic Data Sharing Environments

dc.contributor.author: Kayem, Anne
dc.contributor.supervisor: Martin, Patrick
dc.contributor.supervisor: Akl, Selim
dc.date2008-10-16 16:19:46.617's University at Kingstonen
dc.description: Thesis (Ph.D, Computing) -- Queen's University, 2008-10-16 16:19:46.617
dc.description.abstract: Distributed systems, characterized by their ability to ensure the execution of multiple transactions across a myriad of applications, constitute a prime platform for building Web applications. However, Web application interactions raise issues pertaining to security and performance that make manual security management both time-consuming and challenging. This thesis is a testimony to the security and performance enhancements afforded by using the autonomic computing paradigm to design an adaptive cryptographic access control framework for dynamic data sharing environments. One of the methods of enforcing cryptographic access control in these environments is to classify users into one of several groups interconnected in the form of a partially ordered set. Each group is assigned a single cryptographic key that is used for encryption/decryption. Access to data is granted only if a user holds the "correct" key, or can derive the required key from the one in their possession. This approach to access control is a good example of one that provides good security but has the drawback of reacting to changes in group membership by replacing keys, and re-encrypting the associated data, throughout the entire hierarchy. Data re-encryption is time-consuming, so rekeying creates delays that impede performance. In order to support our argument in favor of adaptive security, we begin by presenting two cryptographic key management (CKM) schemes in which key updates affect only the class concerned or those in its sub-poset. These extensions enhance performance, but handling scenarios that require adaptability remains a challenge. Our framework addresses this issue by allowing the CKM scheme to monitor the rate at which key updates occur and to adjust resource (keys and encrypted data versions) allocations to handle future changes by anticipation rather than on demand. Therefore, in comparison to quasi-static approaches, the adaptive CKM scheme minimizes the long-term cost of key updates. Finally, since self-protecting CKM requires a lesser degree of physical intervention by a human security administrator, we consider the case of "collusion attacks" and propose two algorithms to detect as well as prevent such attacks. A complexity and security analysis shows the theoretical improvements our schemes offer. Each algorithm presented is supported by a proof of concept implementation, and experimental results to show the performance improvements.
dc.format.extent: 3004175 bytes
dc.relation.ispartofseries: Canadian theses
dc.rights: This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.
dc.subject: Access Control
dc.subject: Database Security
dc.subject: Autonomic Computing
dc.subject: Cryptographic Key Management
dc.subject: Dynamic Data Sharing
dc.title: Adaptive Cryptographic Access Control for Dynamic Data Sharing Environments