The Design and Implementation of a Cloud-Based Application demonstrating the use of Sticky Policies and Encryption to Enforce Users’ Privacy and Access Constraints

Loading...
Thumbnail Image
Date
2014
Journal Title
Journal ISSN
Volume Title
Publisher
Annual International Conference on ICT for Africa
Abstract
This research was motivated by the fact that traditional IT security approaches that focus on perimeter security by protecting network edges, firewalls and application endpoints appear to be deteriorating due to the introduction of the cloud concept whose architecture is more of bundled infrastructure and shared resources. Data are widely shared and data owners are losing control over the collection of personal information, their processing and usage as well as sharing with third parties. All these are done without regard to the choices and privacy preferences of the data owner. In this research, a data governance solution using sticky policies was designed and implemented using .NET 4.5 Framework with ASP.NET web application development technology. C# supported in the framework serves as the server-side programming language. This framework also integrates with the Microsoft SQL Server version 11.00.2100 which then serves as profile data and sticky policies repository hosted locally at the development stage. A user is able to create and manage profile information by supplying core data and specifying whether or not a piece of data can be shared with a third party or not for a given usage purpose and in what format. Third party applications are required to maintain verifiable credentials in the system and are permitted to request for user’s profile information via a web service hosted in the cloud. The policy engine in the system is able to interpret user aggregated sticky policies to determine if data can be shared and how it can be shared as a mark of respect to the choices of the data owner.
Description
Keywords
Cloud based application, Sticky policies, Encryption, Internet security, Privacy
Citation
Ogedebe, P. M., Alaku, A. H., & Kituyi, G. M. THE DESIGN AND IMPLEMENTATION OF A CLOUD-BASED APPLICATION DEMONSTRATING THE USE OF STICKY POLICIES AND ENCRYPTION TO ENFORCE USERS’PRIVACY AND ACCESS CONSTRAINTS.