Term-weighting approaches in automatic text retrieval
Information Processing and Management: an International Journal
Did You Ever Have To Make Up Your Mind? What Notes Users Do When Faced With A Security Decision
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Collective privacy management in social networks
Proceedings of the 18th international conference on World wide web
Proceedings of the 18th international conference on World wide web
Personalized social search based on the user's social network
Proceedings of the 18th ACM conference on Information and knowledge management
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Proceedings of the 16th ACM conference on Computer and communications security
Privacy wizards for social networking sites
Proceedings of the 19th international conference on World wide web
Data protection models for service provisioning in the cloud
Proceedings of the 15th ACM symposium on Access control models and technologies
Usable access control in collaborative environments: authorization based on people-tagging
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Preventing Information Leakage from Indexing in the Cloud
CLOUD '10 Proceedings of the 2010 IEEE 3rd International Conference on Cloud Computing
Exploring online social activities for adaptive search personalization
CIKM '10 Proceedings of the 19th ACM international conference on Information and knowledge management
Collaboration analytics: mining work patterns from collaboration activities
CIKM '10 Proceedings of the 19th ACM international conference on Information and knowledge management
Adaptive data protection in distributed systems
Proceedings of the third ACM conference on Data and application security and privacy
Adaptive data management for self-protecting objects in cloud computing systems
Proceedings of the 8th International Conference on Network and Service Management
Proceedings of the 2013 ACM international symposium on New ideas, new paradigms, and reflections on programming & software
| Hi-index | 0.00 |
With the growing popularity of cloud computing, more and more enterprises are migrating their collaboration platforms from in-enterprise systems to Software as a Service (SaaS) applications. While SaaS collaboration has numerous advantages, it also raises new security challenges. In particular, since SaaS collaboration is increasingly used across enterprise boundaries, organizations are concerned that sensitive information may be leaked to outsiders due to their employees' inadvertent mistakes on information sharing. In this article, we propose to mitigate the data leakage problem in SaaS collaboration systems by reducing human errors. Built on top of the discretionary access control model in existing collaboration systems, we have designed a series of mechanisms to provide defense in depth against information leakage. First, we allow enterprises to encode their organizational security rules as mandatory access control policies, so as to impose coarse-grained restrictions on their employees' discretionary sharing decisions. Second, we design an attribute-based recommender that suggests and prioritizes potential recipients for users' files, reducing errors in the choices of recipients. Third, our system actively examines abnormal recipients entered by a file owner, providing the last line of defense before a file is shared. We have implemented a prototype of our solution and performed experiments on data collected from real-world collaboration systems.