The Design and Implementation of a Cloud-Based Application demonstrating the use of Sticky Policies and Encryption to Enforce Users’ Privacy and Access Constraints
Loading...
Date
2014
Journal Title
Journal ISSN
Volume Title
Publisher
Annual International Conference on ICT for Africa
Abstract
This research was motivated by the fact that traditional IT security approaches that
focus on perimeter security by protecting network edges, firewalls and application endpoints
appear to be deteriorating due to the introduction of the cloud concept whose architecture is
more of bundled infrastructure and shared resources. Data are widely shared and data owners
are losing control over the collection of personal information, their processing and usage as well
as sharing with third parties. All these are done without regard to the choices and privacy
preferences of the data owner.
In this research, a data governance solution using sticky policies was designed and implemented
using .NET 4.5 Framework with ASP.NET web application development technology. C#
supported in the framework serves as the server-side programming language. This framework
also integrates with the Microsoft SQL Server version 11.00.2100 which then serves as profile
data and sticky policies repository hosted locally at the development stage. A user is able to
create and manage profile information by supplying core data and specifying whether or not a
piece of data can be shared with a third party or not for a given usage purpose and in what
format. Third party applications are required to maintain verifiable credentials in the system and
are permitted to request for user’s profile information via a web service hosted in the cloud. The
policy engine in the system is able to interpret user aggregated sticky policies to determine if
data can be shared and how it can be shared as a mark of respect to the choices of the data
owner.
Description
Keywords
Cloud based application, Sticky policies, Encryption, Internet security, Privacy
Citation
Ogedebe, P. M., Alaku, A. H., & Kituyi, G. M. THE DESIGN AND IMPLEMENTATION OF A CLOUD-BASED APPLICATION DEMONSTRATING THE USE OF STICKY POLICIES AND ENCRYPTION TO ENFORCE USERS’PRIVACY AND ACCESS CONSTRAINTS.