A Secure Autonomous Document Architecture for Enterprise Digital Right Management - PowerPoint PPT Presentation



  1. A Secure Autonomous Document Architecture for Enterprise Digital Right Management
     Manuel Munier, LIUPPA, Université de Pau et des Pays de l'Adour, Mont de Marsan, France
     manuel.munier@univ-pau.fr
     SITIS 2011, November 28 - December 1, 2011, Dijon, France

  2. This paper
     (outline: Context of Information Sharing | Intelligent Documents | Platform Implementation | Conclusion & Perspectives)
     - Information system security is currently one of the most important goals for enterprises.
     - The problem becomes even more difficult if a user wants to "checkout" a document from the information system, e.g. to work offline or to distribute the document to other people outside the organization.
     ⇒ Problem: how to ensure the security of the document once it has left the information system?
     Manuel Munier : A Secure Autonomous Document Architecture for E-DRM, SITIS 2011, slide 2 / 36

  3. This paper
     - We use an object oriented approach to encapsulate within the document itself some security components (access control, usage control, traceability, ...).
     ⇒ The "intelligent" document self-manages its own security.
     ⇒ We defined a secure autonomous document architecture for Enterprise Digital Right Management [1].
     [1] project FLUOR, ANR-SESUR 2008-2011, http://fluor.no-ip.fr/index.php

  4. Table of contents
     1. Context of Information Sharing
     2. Intelligent Documents
     3. Platform Implementation
     4. Conclusion & Perspectives

  5. Context of Information Sharing
     Information sharing?
     - collaborative work for enterprises: reports, medical records, tender documents, whole project as bulk document, ...
     - documents can go outside the company where they have been designed (export from IS) ... and return (import updated documents)
     - we have to control how partners use the documents:
       - access control (of course ...)
       - usage control (cf. obligations), e.g. user has to read a section before writing his review
       - traceability (cf. metadata, auditing, ...)
     ⇒ Digital Right Management approach with user licenses → Enterprise-DRM

  6. Context of Information Sharing - Document security enforced on server side
     "Classic" DRM architectures
     - server ciphers the digital document & builds the user license
     - client side viewer deciphers the document according to rights found in the license
     ⇒ well suited for multimedia documents:
       - content providers & read-only viewer clients
       - the document is created once and never changes
       - security policy remains the same

  7. Context of Information Sharing - Document security enforced on server side
     E-DRM architectures
     - documents are not "static" ⇒ updates, item deletion, new data, ... (figure: a sequence of read, update, ... actions on the document over its lifecycle)
     - security policy may change during the document lifecycle
     ⇒ client application has to contact the server to check access & usage rights for user actions
     - server can also provide audit facilities → traceability makes it possible to control how information is used & to demonstrate that it has been used as defined in the security policy
     - off-line use by leasing the document for a finite period of time
     e.g. Adobe LiveCycle Policy Server

  8. Context of Information Sharing - Specific needs
     Our specific needs
     - users can update shared documents (≠ multimedia DRM)
     - multi-site enterprises, virtual enterprises, nomadic users → using a centralized site for the exchanges is seen as a constraint
     - usability with legacy applications: email attachment, USB flash drive, shared resource on a WebDAV server, ... → users could exchange docs without having to connect to a server
     ⇒ "Classic" centralized architectures do not suit these needs

  9. Context of Information Sharing - Object oriented approach
     OO approach to encapsulate:
     - data: content of the document itself
     - security control components: access control, usage control, traceability & metadata, collaborative work management, ...
     (figure: the document is checked out from / checked in to the IS, synchronized, read, updated and exchanged between users)
     ⇒ autonomous document self-manages its security → such a document is a kind of information system on its own

  10. Context of Information Sharing - Object oriented approach
     How to "use" such a document?
     - when "opening" the document, the user should provide her/his license
     - security control components are configured according to security rules contained in the user license → permissions, obligations, metadata required, ...
     - they check all the accesses to information (embedded IS) ...
     - user can forward the document to another user (who handles the document according to her/his own license) → no need to publish the amended doc on the server

  11. Intelligent Documents - Overall architecture
     Main components:
     - embedded database → contents of the document, metadata
     - security kernel & security modules → enforce the security policy, monitor all actions on the doc
     - embedded applications & services → dedicated tools (e.g. XML editor, WebDAV server), export/import mechanisms (e.g. import/export XML)
     - user license → permissions, prohibitions, obligations; metadata to be collected
     (figure: the security kernel (OrBAC, metadata, contexts) sits between the user license, the embedded database (information) and the applications; legacy and embedded applications run against the kernel)
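Slides 5, 10 and 11 describe a kernel that is configured from the user license and then mediates every access, including obligations such as "read the section before writing the review" and the trace metadata to collect. The following is an added illustration, not the FLUOR project's code; the License/SecurityKernel names, the "sec2" section label and the "reviewer" license are constructed for the example.

```python
"""Constructed illustration (not the FLUOR project's code) of a document-embedded
security kernel: every action is mediated against the user's license, which
carries permissions, obligations and the metadata (trace) to be collected."""
from dataclasses import dataclass, field


@dataclass
class License:
    user: str
    # (action, section) pairs the user is permitted to perform
    permissions: set
    # obligation: before `action` on a section, `prerequisite` must already be traced
    obligations: dict = field(default_factory=dict)


class SecurityKernel:
    """Mediates all actions on the embedded document and records an audit trace."""

    def __init__(self, lic):
        self.lic = lic
        self.trace = []  # collected metadata: (user, action, section, decision)

    def request(self, action, section):
        decision = self._decide(action, section)
        self.trace.append((self.lic.user, action, section, decision))  # denials are traced too
        return decision == "granted"

    def _decide(self, action, section):
        if (action, section) not in self.lic.permissions:
            return "denied: no permission"
        prereq = self.lic.obligations.get(action)
        done = {(a, s) for (_, a, s, d) in self.trace if d == "granted"}
        if prereq and (prereq, section) not in done:
            return f"denied: obligation '{prereq}' unmet"
        return "granted"


def review_scenario():
    """Constructed reviewer license: may read and write sec2, but must read before writing."""
    lic = License("reviewer", {("read", "sec2"), ("write", "sec2")}, {"write": "read"})
    kernel = SecurityKernel(lic)
    results = [kernel.request("write", "sec2"),  # obligation unmet -> False
               kernel.request("read", "sec2"),   # True
               kernel.request("write", "sec2"),  # obligation now satisfied -> True
               kernel.request("read", "sec3")]   # section not in license -> False
    return results, kernel.trace
```

A deployed kernel would additionally verify the license's signature from the issuing information system before configuring itself, which this example leaves out.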

  12. Intelligent Documents
     (figure: the overall architecture diagram of slide 11: embedded database, user license, security kernel with OrBAC, metadata and contexts, embedded applications such as an XML editor or WebDAV server, legacy applications, and XML import/export)

  13. Intelligent Documents - Embedded database
     In previous work we defined a new data model for embedded information systems:
     - multi-view approach to ensure both confidentiality & integrity
     - formal model to store data & calculate views
     - mapping of user actions to "low level" actions
     Dilemma: privacy vs. integrity
     → Confidentiality: how to prevent the disclosure of information to unauthorized individuals (or systems)
       - breach of access control: someone can perform actions without the proper permissions
       - system behavior allows one to deduce the existence of hidden information
     → Integrity: how to prevent data from being modified without authorization
       - someone accidentally (or with malicious intent) modifies/deletes data by side effects of a legitimate action

  14. Intelligent Documents - Embedded database - Example: removing nodes in data tree
     (figure: data tree rooted at node 1; nodes 1, 2, 3 and 7 are labelled rud; the hidden nodes 4, 5 and 6 hang below node 2, with 5 and 6 under 4)
     - User can access nodes 1, 2, 3, 7 with permissions read, update and delete
     - He's not aware of nodes 4, 5, 6
     - What happens if he decides to delete node 2?

  15. Intelligent Documents - Embedded database - Example: removing nodes in data tree
     - If the system accepts to remove nodes 2 and 3, what happens for node 4?
     - Breach of integrity: node 4 is no longer attached to the tree
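The scenario of slides 14 and 15 as an added, runnable illustration (not the paper's formal multi-view model): the tree, the user's rights and the "delete node 2" action follow the figure, and an integrity check shows which hidden node the action detaches. The TREE/RIGHTS layout and the user name "bob" are constructed for the example.

```python
"""Constructed illustration (not the paper's formal model) of slides 14-15: a user
sees only part of the data tree, deletes a visible subtree, and a hidden node
is left detached from the tree."""

# Constructed tree following the figure: node -> parent (the root has parent None).
# Node 4 (with children 5 and 6) hangs below node 2 but is hidden from the user.
TREE = {1: None, 2: 1, 3: 2, 4: 2, 5: 4, 6: 4, 7: 1}

# Rights as on the slide: the user holds read/update/delete on nodes 1, 2, 3, 7 only.
RIGHTS = {"bob": {1: "rud", 2: "rud", 3: "rud", 7: "rud"}}


def view(tree, user):
    """The user's view: the nodes on which his license grants 'r'."""
    return {n for n, perms in RIGHTS.get(user, {}).items() if "r" in perms and n in tree}


def visible_subtree(tree, user, node):
    """Nodes the user believes he deletes: descendants reachable through his view."""
    seen = view(tree, user)
    out, stack = set(), [node]
    while stack:
        n = stack.pop()
        if n in seen and n not in out:
            out.add(n)
            stack.extend(c for c, p in tree.items() if p == n)
    return out


def naive_delete(tree, user, node):
    """Maps 'delete node' onto low-level removals of the visible subtree only."""
    if "d" not in RIGHTS.get(user, {}).get(node, ""):
        raise PermissionError(f"{user} may not delete node {node}")
    doomed = visible_subtree(tree, user, node)
    return {n: p for n, p in tree.items() if n not in doomed}


def orphans(tree):
    """Integrity check: nodes whose parent no longer exists in the tree."""
    return {n for n, p in tree.items() if p is not None and p not in tree}


def would_orphan(tree, user, node):
    """Pre-commit check: which hidden nodes would the action detach?
    Refusing reveals that hidden data exists; accepting breaks integrity
    (the dilemma of slide 13). These slides do not settle that policy choice."""
    return orphans(naive_delete(tree, user, node))
```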
