Towards True Security: Attribute-based Encryption
We are generally poor at properly integrating security, and often use overlay models to overcome our lack of embedded security. Our models of security often, too, come from our legacy operating systems, and which fail to protect data (as they were designed to protect files and directories rather than data). We thus often we fail to encrypt data properly, and we fall back to the operating system to provide rights to files. Our overall policies thus focus on documents and not on data.
We have thus created a data world which is open, and then to protect it we put up perimeters. But we find out that there’s insiders who sit behind the firewall and can access our data. So we then encrypt with an encryption key, but this is often applied on a fairly large scale basis. So how do we control access to sensitive data when we use cloud-based storage? Well, we need to look at better ways of protecting our data, while still being able to process it.
The systems we have created have grown up through operating system security, and apply role based security. In a Linux system we can have:
User: bob
Group: gpand we have access rights as:
User=rwx Group=rwx Everyone=rwxIn this case Bob will have access rights based on his ownership of a file, or on…
