CFP last date
20 August 2024
Reseach Article

An Access Control Model for Avoiding Outsourcing Risks

by A. Meligy, H. Diab, M. Torky
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 55 - Number 9
Year of Publication: 2012
Authors: A. Meligy, H. Diab, M. Torky
10.5120/8784-2756

A. Meligy, H. Diab, M. Torky . An Access Control Model for Avoiding Outsourcing Risks. International Journal of Computer Applications. 55, 9 ( October 2012), 25-33. DOI=10.5120/8784-2756

@article{ 10.5120/8784-2756,
author = { A. Meligy, H. Diab, M. Torky },
title = { An Access Control Model for Avoiding Outsourcing Risks },
journal = { International Journal of Computer Applications },
issue_date = { October 2012 },
volume = { 55 },
number = { 9 },
month = { October },
year = { 2012 },
issn = { 0975-8887 },
pages = { 25-33 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume55/number9/8784-2756/ },
doi = { 10.5120/8784-2756 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T20:56:49.128554+05:30
%A A. Meligy
%A H. Diab
%A M. Torky
%T An Access Control Model for Avoiding Outsourcing Risks
%J International Journal of Computer Applications
%@ 0975-8887
%V 55
%N 9
%P 25-33
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Although the security Outsourcing companies can provide several security services to its customer organizations, but the customer organizations should avoid Outsourcing security risks which emerge from providing security services to the customers through open environments or malicious behaviors which the security providers at Outsourcing companies may carry out. For this problem we propose a new methodology represented in a security design model which combine Cryptography and Access Control techniques to prevent the external security providers of an Outsourcing company to access the sensitive data assets of the customer organizations. We could achieve the realism of this methodology through a proposed algorithm in MATLAP Language. Using our new access control model, the customer organizations can control and manage the external access rights of security providers of specific Outsourcing Company which the customer organization communicated with it

References
  1. C. Warren, A, Computer security series: Outsourcing Information Security ARTECH HOUSE,INC (2004).
  2. Ian. Tho," Managing the Risks of IT Outsourcing", Computer Weeklly PROFFESSIONAL SERIES. 1 st, ed, Elsevier –Butterworth-Heinemann,UK (2003).
  3. (2009), The IT Law Group Web Site (Online) , Available, http://Itlawgroup. com / resources/ articles.
  4. J. Anderson. Computer security planning study. Technical Report 73-51, Air Force Electronic System Division, 1972.
  5. J. Saltzer and M. Schroeder. The protection of information in computer systems. Communications of the ACM, 17(7), July 1974.
  6. S. De CapitaniForestiJajodia, S. Foresti,and S. Jajodia," A Data Outsourcing Architecture Combining Cryptography and Access Control. " Work shop, On computer security architecture. New York ,USA (2007).
  7. A. Harrington and C. Jensen. Cryptographic access control in a distributed ¯le system. In Proc. of the 8th SACMAT, Como, Italy, June 2003.
  8. S. Akl and P. Taylor. Cryptographic solution to a problem of access control in a hierarchy. ACM TOCS,1(3):239{248, August 1983. .
  9. J. Crampton, K. Martin, and P. Wild. On key assignment for hierarchical access control. In Proc. of the 19th IEEE CSFW'06, Venice, Italy, July 2006.
  10. G. Miklau and D. Suciu. Controlling access to Published data using cryptography. In Proc. of the 29th VLDB Conference, Berlin, Germany, September 2003.
  11. H. HacigÄumÄus, B. Iyer, and S. Mehrotra. Providing database as a service. In Proc. of 18th ICDE, SanJose, CA, USA, February 2002.
  12. H. HacigÄumÄus, B. Iyer, S. Mehrotra, and C. Li. Executing SQL over encrypted data in the database-service-provider model. In Proc. of the ACM SIGMOD 2002, Madison, Wisconsin, USA, June 2002.
  13. R. Agrawal, J. Kierman, R. Srikant, and Y. Xu. Order preserving encryption for numeric data. In Proc. of ACM SIGMOog2004, Paris, France, June 2004. .
  14. A. Ceselli, E. Damiani, S. De Capitani di Vimercati,,S. Jajodia, S. Paraboschi, and P. Samarati. Modeling and assessing inference exposure in encrypted databases. ACM TISSec, 8(1):119{152, February 2005.
  15. H. HacigÄumÄus, B. Iyer, and S. Mehrotra. Efficient execution of aggregation queries over encrypted relational databases. In Proc. of the 9th International Conference on Database Systems for Advanced Applications, Jeju Island, Korea, March 2004.
  16. E. Damiani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. An experimental evaluation of multi-key strategies fordata outsourcing. In Proc. of the 22nd IFIP TC-11 International Information Security Conference, South Africa, May 2007.
  17. E. Damiani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Key management for multiuser encrypted databases. In Proc. of the International Workshop on Storage Security and Survivability, Fairfax, Virginia, USA,November 2005.
  18. M. Atallah, K. Frikken, and M. Blanton. Dynamic and efficient key management for access hierarchies. In Proc. of the 12th ACM CCS05, Alexandria, VA, USA,November 2005.
  19. William. S. " Cryptography and Network Security Principales and Practices. " 4 th ed, ,Prentic hall, USA, November,16, 2005. .
Index Terms

Computer Science
Information Sciences

Keywords

Outsourcing Security Providers Encryption /Decryption access control Two layer encryption model access policy changes AES algorithm MATLAP Language