In recent years it has become clear that traditional infrastructure-centric security has failed to provide the security levels required for both personal and enterprise data protection. In most cases the implemented solution establishes a security perimeter designed to prevent unauthorized access, following the simple principle that everything inside the perimeter is considered more or less safe, while everything outside it is considered insecure and suspect. Traditional security mechanisms are intended to prevent unauthorized access to data, but they keep failing to reach such an "ambitious" target: there are regular daily abuses by domestic and foreign attackers against home PCs and, with more severe consequences, against critical nodes and networks across the Internet. Indeed, using basic security mechanisms such as network firewalls is just that: "basic". In more detail, what systematically happens is that the secure perimeter is circumvented by sophisticated and unpredictable cyber-attacks, made possible by unavoidable software bugs, platform misconfiguration and scenarios not considered during the setup phase of systems. The obvious consequence is that the malicious attacker not only gains access inside the secure perimeter, potentially affecting the normal intended operations within it, but, even more dangerously, can reach confidential data, which may be compromised or exported. Even when protocols designed to share and store data in a "secure" traditional way are used, it is thus impossible to prevent the leak of information, due to the unexpected and intrinsic weakness of all the systems involved, paired with the false sense of security given by the perimeter, which is tied to the error-prone nature of implementation and to human error. To overcome part of these limitations, this work presents a data-centric security paradigm.
It does not rely on infrastructure security and traditional mechanisms to protect a connection, but rather deals with the security of the information that needs to be protected. Identity-Based and Attribute-Based concepts are discussed and exploited to bring data-centric security (or part of it) into real-world scenarios such as Network Monitoring Data Sharing and Information Centric Networks.
Caponi, A. (2015). Towards data-centric security: security into information: from techniques to applications and implications [10.58015/caponi-alberto_phd2015].
Towards data-centric security: security into information: from techniques to applications and implications
CAPONI, ALBERTO
2015-01-01
File | Size | Format |
---|---|---|
tesi.pdf (authorized users only; license: authors' copyright) | 2.37 MB | Adobe PDF |