Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Cross-application data provenance and policy enforcement
Demsky B. ACM Transactions on Information and System Security14 (1):1-22,2011.Type:Article
Date Reviewed: Aug 15 2011

In today’s society, people increasingly rely on computer networks to exchange a variety of information. With the complexity of our networked world, ensuring information security has become critical, not only to protecting personal privacy, but also to national security. Therefore, many organizations have implemented technologies that combine encryption with security policy.

Beyond the issues related to the efficiency and flexibility of these technologies are challenges to cross-application data provenance and policy enforcement. More explicitly, it is difficult to discover the history of how a file has reached its current state, and how to control access to a file during its transmission, when it involves the multiple machines in current software systems.

To address this problem, Demsky presents a new framework for data protection called Garm. Garm encrypts policy-protected data before it is passed to the operating system, and decrypts policy-protected data before an authorized application reads it. The system can trace data provenance and enforce data access policies across multiple applications and machines. It further introduces support for tracing provenance information across executions and application boundaries. The paper describes the architecture of Garm, analyzes its provenance, and presents its limitations. Furthermore, it reports that applications of the prototype implementation on benchmark files achieved the goals as expected, with an overhead ranging from 5.34 to 13.14 on benchmarked g-zipped, tar archive, and MP3 files. The slowdown is barely noticeable, however, on interactive applications such as bash, xdvi, pico, nano, ssh, scp, and other command line utilities.

The paper also presents some possible reasons that may negatively affect performance. For example, the current implementation has a 400-percent increase in the amount of memory space.

In the real world, no system is absolutely secure. Demsky presents reasonable assumptions about Garm, as well as its limitations. This paper is very well written. I certainly recommend it to people who work in information security, from system architecture, to solution design, to implementation.
Reviewer:  Chenyi Hu Review #: CR139349 (1201-0055)
Bookmark and Share
  Featured Reviewer  
 
General (C.2.0 )
 
 
Security and Protection (D.4.6 )
 
Would you recommend this review?
yes
no
Other reviews under "General": Date
Broadband access
Gillespie A., Artech House, Inc., Norwood, MA, 2001. Type: Book (9780890064733)		 Jun 26 2002
Data communications & teleprocessing systems (2nd ed.)
Housley T. (ed), Prentice-Hall, Inc., Upper Saddle River, NJ, 1987. Type: Book (9789780131973930)		 Dec 1 1987
Open systems
Nutt G., Prentice-Hall, Inc., Upper Saddle River, NJ, 1992. Type: Book (9780136362340)		 Sep 1 1992
more...
E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use | Privacy Policy