A policy-based containerized filter for secure information sharing in organizational environments

authors

  • GONZÁLEZ COMPEAN, J. L.
  • TELLES, OSCAR
  • LOPEZ AREVALO, IVAN
  • MORALES SANDOVAL, MIGUEL
  • SOSA SOSA, VICTOR JESUS
  • CARRETERO PEREZ, JESUS

publication date

  • June 2019

start page

  • 430

end page

  • 444

issue

  • 95

International Standard Serial Number (ISSN)

  • 0167-739X

Electronic International Standard Serial Number (EISSN)

  • 1872-7115

abstract

  • In organizational environments, sensitive information is unintentionally
    exposed and sent to the cloud without encryption by insiders, even those
    who were previously informed about cloud risks. To mitigate the effects
    of this information privacy paradox, we propose the design, development
    and implementation of SecFilter, a security filter that enables
    organizations to implement security policies for information sharing.
    SecFilter automatically performs the following tasks: (a) intercepts
    files before sending them to the cloud; (b) searches for sensitive
    criteria in the context and content of the intercepted files by using
    mining techniques; (c) calculates the risk level for each identified
    criterion; (d) assigns a security level to each file based on the
    detected risk in its content and context; and (e) encrypts each file by
    using a multi-level security engine, based on digital envelopes from
    symmetric encryption, attribute-based encryption and digital signatures,
    to guarantee the security services of confidentiality, integrity and
    authentication on each file, while access control mechanisms are
    enforced before sending the secured file versions to cloud storage.
    A prototype of SecFilter was implemented for a real-world file sharing
    application that has been deployed on a private cloud. Fine-tuning of
    SecFilter components is described, and a case study has been conducted
    based on sharing documents from a well-known repository (MedLine corpus).
    The experimental evaluation revealed the feasibility and efficiency of
    applying a security filter to share information in organizational
    environments.

keywords

  • cloud security; risk assessment; mining; multi-level security; virtual containers