The Access Policy and Key Management module defines the access policies for the data outsourced to the cloud, stores the key material that is handed to the Data Operations Modules when they need it, and controls the communication with other proxies.
Intra-proxy access policy management
The intra-proxy access policy management module allows the security manager to:
- define the access rights of the users on the storage/processing services protected by CLARUS;
- define the permissions of the users on the outsourced dataspaces.
For the outsourced datasets, the security manager defines the user authorisations (i.e. permissions); the possible permissions are read, update and delete. Since the resource owner (i.e. the creator of an outsourced dataset) may want to modify the permissions of other users on his/her dataset, a web interface for managing user permissions may be provided.
This interface allows the user to:
- Add authorisations for a user:
  - list the registered users that do not yet have authorisations on the outsourced dataset;
  - select a user;
  - select or unselect the read, update and delete authorisations;
  - save the new authorisations.
- Remove authorisations for a user:
  - list the users that have authorisations on the given outsourced dataset;
  - select a user;
  - delete the authorisations of the selected user.
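The policy model and the add/remove operations above, written out as an added example (not CLARUS project code). It models the three dataset permissions, the security manager, the resource owner's right to manage other users' authorisations, the two listing helpers the interface needs, and the enforcement check a request must pass. User names, the dataset name and the rule that a creator gets full rights on its own dataset and cannot be stripped of them are assumptions of this example.

```python
"""Intra-proxy access policy store for outsourced datasets (illustrative, not CLARUS project code).

Models the read/update/delete permissions, the security manager, the resource owner's
right to manage other users' authorisations, and the add/remove operations of the
management interface. All users, dataset names and roles are constructed sample values.
"""

PERMISSIONS = frozenset({"read", "update", "delete"})


class PolicyError(Exception):
    """Raised when a policy change is not allowed or is malformed."""


class AccessPolicyDB:
    def __init__(self, security_managers):
        self.security_managers = set(security_managers)
        self.users = set(self.security_managers)
        self.owners = {}           # dataset -> owning user (the resource owner)
        self.authorisations = {}   # dataset -> {user: set of permissions}

    def register_user(self, user):
        self.users.add(user)

    def create_dataset(self, dataset, owner):
        if owner not in self.users:
            raise PolicyError(f"unknown user {owner!r}")
        if dataset in self.owners:
            raise PolicyError(f"dataset {dataset!r} already exists")
        self.owners[dataset] = owner
        # Assumption: the creator gets full rights on the dataset it outsources.
        self.authorisations[dataset] = {owner: set(PERMISSIONS)}

    def _check_may_manage(self, actor, dataset):
        # Only the security manager or the resource owner may change authorisations.
        if dataset not in self.owners:
            raise PolicyError(f"unknown dataset {dataset!r}")
        if actor not in self.security_managers and actor != self.owners[dataset]:
            raise PolicyError(f"{actor!r} may not manage authorisations on {dataset!r}")

    # Listing helpers used by the management interface.
    def users_without_authorisations(self, dataset):
        return sorted(self.users - set(self.authorisations.get(dataset, {})))

    def users_with_authorisations(self, dataset):
        return sorted(self.authorisations.get(dataset, {}))

    # "Add authorisations for a user": save the selected subset of read/update/delete.
    def add_authorisations(self, actor, dataset, user, permissions):
        self._check_may_manage(actor, dataset)
        perms = set(permissions)
        if user not in self.users:
            raise PolicyError(f"unknown user {user!r}")
        if not perms or not perms <= PERMISSIONS:
            raise PolicyError(f"permissions must be a non-empty subset of {sorted(PERMISSIONS)}")
        self.authorisations[dataset][user] = perms

    # "Remove authorisations for a user": drop every permission of that user on the dataset.
    def remove_authorisations(self, actor, dataset, user):
        self._check_may_manage(actor, dataset)
        if user == self.owners[dataset]:
            # Assumption: the resource owner keeps its rights on its own dataset.
            raise PolicyError("the resource owner's authorisations cannot be removed")
        if user not in self.authorisations[dataset]:
            raise PolicyError(f"{user!r} has no authorisations on {dataset!r}")
        del self.authorisations[dataset][user]

    # Enforcement check applied to every request before it reaches the Data Operations Modules.
    def is_allowed(self, user, dataset, action):
        if action not in PERMISSIONS:
            return False
        return action in self.authorisations.get(dataset, {}).get(user, set())
```

Saving replaces the user's previous set rather than merging into it, which matches an interface where the manager ticks or unticks the three boxes and then saves; unknown actions (anything other than read, update, delete) are always denied.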
External CLARUS proxies can access the data and request operations on it (such as computation or search, depending on the data operations applied) through a data routing service offered by the data-owning CLARUS proxy. For this access, the Inter-proxy communication module defines the access rights and the key exchanges. A VPN connection between proxies is mandatory, so that neither the data nor the policy and key material exchanged between proxies can leak in transit.
The data-owning CLARUS proxy – in this example CLARUS Proxy 2 – manages the data access of all external CLARUS proxies in its Inter-proxy communication module. A dedicated key is used for each external CLARUS proxy to encrypt the requested data, so that only that external proxy can decrypt it. The policy management defines access levels for external CLARUS proxies analogous to the intra-proxy policies. The Inter-proxy communication module creates the access policies for external CLARUS proxies and stores them in the Access Policy DB.
Proxy 1 forwards the user requests to Proxy 2, replacing the identity of the user by a technical user, and later forwards the answer of Proxy 2 back to the user, like a classical proxy. Note that Proxy 1 has a security policy that does not protect any confidential data: the whole protection mechanism is provided by Proxy 2.
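The inter-proxy exchange described above, as an added example that is not part of the project's code: Proxy 1 swaps the end-user identity for a technical user and relays the request; Proxy 2 checks the inter-proxy access policy recorded for the calling proxy and answers with the data encrypted under that proxy's key, so a proxy holding a different key cannot read the payload. Proxy ids, technical user names, keys and the sample dataset are constructed values, and the HMAC-CTR encrypt-then-MAC scheme is a library-free stand-in for a real AEAD such as AES-GCM; it is an assumption of this example, not the cipher the project uses.

```python
"""Inter-proxy data routing between two CLARUS proxies (illustrative, not project code).

Proxy 1 replaces the end-user identity with a technical user and forwards the request
to the data-owning Proxy 2, which enforces its inter-proxy policy and returns the data
encrypted under the calling proxy's key. Ids, keys and data are constructed samples;
the HMAC-CTR + HMAC tag construction stands in for a real AEAD (assumption).
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN, BLOCK = 16, 32, 32


def _subkey(key, label):
    # Derive independent encryption and MAC keys from one per-proxy key (HMAC as a PRF).
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream_xor(k_enc, nonce, data):
    # Counter-mode keystream: block i = HMAC(k_enc, nonce || i); XOR is its own inverse.
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        block = hmac.new(k_enc, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(b ^ k for b, k in zip(data[off:off + BLOCK], block))
    return bytes(out)


def encrypt(key, plaintext, nonce=b""):
    nonce = nonce or os.urandom(NONCE_LEN)
    body = _keystream_xor(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key, blob):
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: wrong proxy key or tampered payload")
    return _keystream_xor(_subkey(key, b"enc"), nonce, body)


class DataOwningProxy:
    """Proxy 2: holds the data, the inter-proxy access policies and one key per external proxy."""

    def __init__(self, datasets, policies):
        self.datasets = datasets   # dataset name -> plaintext bytes
        self.policies = policies   # proxy id -> {"key": bytes, "allowed": {dataset: set of operations}}
        self.audit = []            # what Proxy 2 sees: the technical user, never the end user

    def handle(self, request):
        self.audit.append((request["proxy_id"], request["user"], request["dataset"], request["operation"]))
        policy = self.policies.get(request["proxy_id"])
        if policy is None:
            return {"status": "denied", "reason": "unknown proxy"}
        if request["operation"] not in policy["allowed"].get(request["dataset"], set()):
            return {"status": "denied", "reason": "not permitted by inter-proxy policy"}
        return {"status": "ok", "payload": encrypt(policy["key"], self.datasets[request["dataset"]])}


class ForwardingProxy:
    """Proxy 1: protects no confidential data itself; it relays to Proxy 2 as a technical user."""

    def __init__(self, proxy_id, technical_user, key, peer):
        self.proxy_id, self.technical_user, self.key, self.peer = proxy_id, technical_user, key, peer

    def request(self, user, dataset, operation):
        # The end-user identity stays local; the request leaves under the technical user.
        request = {"proxy_id": self.proxy_id, "user": self.technical_user,
                   "dataset": dataset, "operation": operation}
        response = self.peer.handle(request)   # in a deployment this crosses the mandatory VPN
        if response["status"] != "ok":
            return response
        return {"status": "ok", "user": user, "data": decrypt(self.key, response["payload"])}


def build_demo():
    """Constructed sample deployment: Proxy 1 may only read 'patients' on Proxy 2."""
    key_p1 = hashlib.sha256(b"demo key for proxy-1").digest()   # constructed; shared out of band
    proxy2 = DataOwningProxy(
        datasets={"patients": b"id,name\n1,Alice\n2,Bob\n"},
        policies={"proxy-1": {"key": key_p1, "allowed": {"patients": {"read"}}}},
    )
    proxy1 = ForwardingProxy("proxy-1", "tech-proxy1", key_p1, proxy2)
    return proxy1, proxy2, key_p1
```

The audit list on Proxy 2 makes the identity substitution visible: every entry carries the technical user of Proxy 1, never the end user who issued the request, which is why the access decision and the protection mechanism both sit on Proxy 2.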