SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Security architectures for controlled digital information dissemination
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Towards a Multi-dimensional Characterization of Dissemination Control
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Peer-to-peer access control architecture using trusted computing technology
Proceedings of the tenth ACM symposium on Access control models and technologies
DRM, trusted computing and operating system architecture
ACSW Frontiers '05 Proceedings of the 2005 Australasian workshop on Grid computing and e-research - Volume 44
Trusted Computing Platforms: TCPA Technology in Context
Trusted Computing Platforms: TCPA Technology in Context
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Secure information sharing enabled by Trusted Computing and PEI models
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Lazy Revocation in Cryptographic File Systems
SISW '05 Proceedings of the Third IEEE International Security in Storage Workshop
PRIMA: policy-reduced integrity measurement architecture
Proceedings of the eleventh ACM symposium on Access control models and technologies
Persistent information security: beyond the e-commerce threat model
ICEC '06 Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Multilevel filesystems in solaris trusted extensions
Proceedings of the 12th ACM symposium on Access control models and technologies
Semantic remote attestation: a virtual machine directed approach to trusted computing
VM'04 Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium - Volume 3
vTPM: virtualizing the trusted platform module
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Proceedings of the 2007 ACM workshop on Scalable trusted computing
Towards automated provisioning of secure virtualized networks
Proceedings of the 14th ACM conference on Computer and communications security
TVDc: managing security in the trusted virtual datacenter
ACM SIGOPS Operating Systems Review
Trusted virtual domains: toward secure distributed services
HotDep'05 Proceedings of the First conference on Hot topics in system dependability
Enabling fairer digital rights management with trusted computing
ISC'07 Proceedings of the 10th international conference on Information Security
Transparent mobile storage protection in trusted virtual domains
LISA'09 Proceedings of the 23rd conference on Large installation system administration
Content oriented virtual domains for secure information sharing across organizations
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Trusted virtual domains on OpenSolaris: usable secure desktop environments
Proceedings of the fifth ACM workshop on Scalable trusted computing
Trusted virtual domains on OKL4: secure information sharing on smartphones
Proceedings of the sixth ACM workshop on Scalable trusted computing
Trusted virtual domains – design, implementation and lessons learned
INTRUST'09 Proceedings of the First international conference on Trusted Systems
A legally-admissible copyrights ownership identification protocol for digital works
Proceedings of the 4th International Conference on Internet Multimedia Computing and Service
Hi-index | 0.00 |
The requirements for secure document workflows in enterprises become increasingly sophisticated, with employees performing different tasks under different roles using the same proprietary platform. Particularly, fine-grained access control to document information is necessary in certain scenarios where the integrity and confidentiality of parts of documents is of high priority. In this paper, we present a secure and flexible Enterprise Rights Management (ERM) system based on a refined version of the Trusted Virtual Domains (TVDs) security model that allows to establish isolated execution environments spanning over virtual entities across separate physical resources. Our security concept achieves a two-layered policy enforcement on documents: a TVD Policy ensuring isolation of the workflow from other tasks on the user platforms, and a role-based document-policy ensuring both confidentiality and integrity of document parts. Moreover, in contrast to existing solutions, our architecture offers advanced features for secure document workflows such as offline access to documents and transparent encryption of documents exchanged via USB, external storage or VPN communication between peer platforms. We also shed the light on key management, document structure and document policy enforcement mechanisms to support the ERM infrastructure. Finally, we prove our concept based on an implementation.