Tag Archives: Data Centric Security

Enabling Data Sharing in Contextual Environments: Policy Representation and Analysis

The paper “Enabling Data Sharing in Contextual Environments: Policy Representation and Analysis” was accepted at SACMAT 2017.

ACM Symposium on Access Control Models and Technologies (SACMAT 2017)

Authors: Erisa Karafili and Emil Lupu

Abstract: Internet of Things environments enable us to capture more and more data about the physical environment we live in and about ourselves. The data enable us to optimise resources, personalise services and offer unprecedented insights into our lives. However, to achieve these insights data need to be shared (and sometimes sold) between organisations imposing rights and obligations upon the sharing parties and in accordance with multiple layers of sometimes conflicting legislation at international, national and organisational levels. In this work, we show how such rules can be captured in a formal representation called “Data Sharing Agreements”. We introduce the use of abductive reasoning and argumentation based techniques to detect inconsistencies in the rules  applicable and resolve them by assigning priorities to the rules. We show how through the use of argumentation based techniques use-cases taken from real life application are handled flexibly addressing trade-offs between confidentiality, privacy, availability and safety.

Sharing Data Through Confidential Clouds: An Architectural Perspective

Cloud and mobile are two major computing paradigms that are rapidly converging. However, these models still lack a way to manage the dissemination and control of personal and business-related data. To this end, we propose a framework to control the sharing, dissemination and usage of data based on mutually agreed Data Sharing Agreements (DSAs). These agreements are enforced uniformly, and end-to-end, both on Cloud and mobile platforms, and may reflect legal, contractual or user-defined preferences. We introduce an abstraction layer that makes available the enforcement functionality across different types of nodes whilst hiding the distribution of components and platform specifics. We also discuss a set of different types of nodes that may run such a layer.

 Daniele Sgandurra, Francesco Di Cerbo, Slim Trabelsi, Fabio Martinelli, and Emil Lupu: Sharing Data Through Confidential Clouds: An Architectural PerspectiveIn proceedings of the 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity, 2015 IEEE/ACM, pp. 58-61, DOI: 10.1109/TELERISE.2015.19. Bibtex.

CoCo Cloud: Confidential and Compliant Clouds

fp7logoFP7, Partners: Hewlett-Packard, The Italian National Research Council, Imperial College London, University of Oslo, SAP, Atos, AGID, Bird & Bird, and Grupo Hospitalario Quirón.

The project aims to facilitate data sharing in cloud environments by providing end-to-end data centric security from the client to the cloud based on the (semi-)automated enforcement ofData Sharing Agreements. These agreements may reflect legal, contractual or user defined preferences, which may be conflicting and thus an appropriate balance and model for their enforcement must be found.


Secure and Opportunistic Information Dissemination in Crisis Management

Secure dissemination of data in crisis management scenarios is always difficult to achieve because network connectivity is intermittent or absent. In this work we have combined data-centric information protection techniques based on usage control, sticky policies and rights management with opportunistic networking to enable the dissemination of information between first responders in crisis management situations. The dissemination of keys for access to the information is controlled by a policy hierarchy that describes the permitted devolution of control. Policies are evaluated whenever two users are in proximity in the field and keys are distributed upon successful evaluation. Simulations with conservative mobility models show that the delay on information access i.e., the difference between the distribution of information and the distribution of keys remains small for realistic densities of users in the geographical areas.


Enrico Scalavino, Giovanni Russello, Rudi Ball, Vaibhav Gowadia, Emil Lupu. An opportunistic authority evaluation scheme for data security in crisis management scenarios. ASIACCS 2010: 157-168.