201. Data centered and Usage-based Security service
- Author
Jingya Yuan, Nabila Benharkat, Frédérique Biennier, Service Oriented Computing (SOC), Laboratoire d'InfoRmatique en Image et Systèmes d'information (LIRIS), Institut National des Sciences Appliquées de Lyon (INSA Lyon), Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Centre National de la Recherche Scientifique (CNRS)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-École Centrale de Lyon (ECL), Université de Lyon-Université Lumière - Lyon 2 (UL2)-Institut National des Sciences Appliquées de Lyon (INSA Lyon), Université de Lyon-Université Lumière - Lyon 2 (UL2), C. Ghedira, G. Vargas Solar, N. Bennani, Hakim Hacid, Fatma Outay, Hye-young Paik, Amira Alloum, Marinella Petrocchi, Mohamed Reda Bouadjenek, Amin Beheshti, Xumin Liu, and Abderrahmane Maar
- Subjects
blockchain, Service (systems architecture), GDPR compliance, Computer science, Big data, networking & telecommunications, Access control, Cloud computing, engineering and technology, Usage governance, Computer security, Identification (information), Security service, Privacy, electrical engineering, electronic engineering, information engineering, Information system, data driven security, Data Protection Act 1998, artificial intelligence & image processing, Computer Science [cs]
- Abstract
Protecting Information Systems (IS) traditionally relies on security risk analysis methods. Designed for well-perimetrised environments, these methods rely on a systematic identification of threats and vulnerabilities to identify efficient control-centered protection countermeasures. Unfortunately, this does not fit the security challenges raised by the open and agile organizations enabled by the Social, Mobile, big data Analytics, Cloud and Internet of Things (SMACIT) environment. Due to their inherently collaborative and distributed organization, such multi-tenancy systems require the integration of contextual vulnerabilities, which depend on the a priori unknown way of using, storing and exchanging data in an open cloud environment. Moreover, as data can be associated with multiple copies, different protection requirements can be set for each of these copies, which may lead the initial data owner to lose control over the data protection. This involves (1) turning the traditional control-centered security vision into a dynamic data-centered protection and even (2) considering that the way data is used can be a potential threat that may corrupt data protection efficiency. To meet these challenges, we propose a Data-centric Usage-based Protection service (DUP). This service is based on an information system meta-model, used to formally identify data assets and store the processes using copies of these assets. To define a usage-centered protection, we extend the Usage Based Access Control model, which is mostly focused on managing CRUD operations, to more complex operations fitting the SMACIT context. These usage rules are used to generate smart contracts, storing usage consents and managing usage control for cloud services.
- Published
- 2020