Towards data-centric security: security into information: from techniques to applications and implications

CAPONI, ALBERTO
2015-01-01

Abstract

In recent years it has become clear that traditional infrastructure-centric security has failed to provide the security levels required for both personal and enterprise data protection. In most cases the implemented solution establishes a security perimeter designed to prevent unauthorized access, following the simple principle that everything inside the security perimeter is considered more or less safe, while everything outside the perimeter is considered insecure and suspect. Traditional security mechanisms are intended to prevent unauthorized access to data, but they keep failing to reach such an "ambitious" target: there are regular daily abuses by domestic and foreign attackers against home PCs and, with more severe consequences, against critical nodes and networks across the Internet. Indeed, using basic security mechanisms such as network firewalls is just that: "basic". In more detail, what systematically happens is that the secure perimeter is circumvented by sophisticated and unpredictable cyber-attacks, made possible by unavoidable software bugs, platform misconfiguration and scenarios not considered during the setup phase of systems. The obvious consequence is that the malicious attacker not only gains access inside the secure perimeter, potentially affecting normal intended operations within it, but, even more dangerously, can handle confidential data, which may be compromised or exported. Even when using protocols designed to share and store data in a "secure" traditional way, it is thus impossible to prevent the leak of information, due to the unexpected and intrinsic weakness of all the systems involved, paired with the false feeling of security given by the security perimeter, which is tied to the error-prone nature of implementation and to human errors. To overcome part of these limitations, this work presents a data-centric security paradigm. It does not rely on infrastructure security and traditional mechanisms to protect a connection, but rather deals with the security of the information that needs to be protected. Identity-Based and Attribute-Based concepts are discussed and exploited to bring data-centric security (or part of it) into real-world scenarios such as Network Monitoring Data Sharing and Information Centric Networks.
2015
2014/2015
Ingegneria Microelettronica e delle Telecomunicazioni
27.
Informations Elaboration Systems; Data Security; Centralization of Data Security
Sector ING-INF/05 - Information Processing Systems
Sector IINF-05/A - Information Processing Systems
English
Doctoral thesis
Caponi, A. (2015). Towards data-centric security: security into information: from techniques to applications and implications [10.58015/caponi-alberto_phd2015].
Files in this item:
tesi.pdf (authorized users only)
License: Authors' copyright
Size: 2.37 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2108/203126