[Busec] [Wed. July 15th, 11am @ NEU] Sieve: Provably Secure Access Control for User-Controlled Storage
megele at bu.edu
Mon Jul 13 10:52:06 EDT 2015
While our own practical security seminar meets on Mondays, the secure
systems lab at Northeastern is hosting Frank Wang from MIT for his talk
next Wednesday (i.e., in two days). Title and abstract below.
Frank's a great guy and this sounds really interesting and practical so
I'm going. I'd say the more the merrier!
See you at 11 AM on Wednesday July 15th in 366 WVH @ NEU.
> Title: Sieve: Provably Secure Access Control for User-Controlled
> Storage
>
> Sieve is a new system that provides secure, delegated access to a
> user’s sensitive cloud data. Sieve enforces cryptographically strong
> restrictions on how third party web services can access that data.
> However, Sieve can still be compatible with monetization systems like
> targeted advertising, reducing the barrier to adoption. In Sieve, each
> user uploads her data in encrypted form to a cloud-based storage
> provider. Each data object is associated with attributes like file
> type, subject matter, and associated user names; these attributes
> arise from automatic annotation or manual user tagging. When a web
> service requests access to the user’s data, she generates a
> service-specific access policy. This policy is expressed in terms of
> attributes and simple operators like equals and less-than. Sieve
> automatically translates the human-readable access policy into a
> public/private key pair that is given to the web service. The key pair
> allows the web service to independently access and decrypt the
> delegated user objects (but no others). Using this scheme, Sieve
> provides users with true control over how their cloud data is
> accessed. This contrasts with popular delegation schemes like OAuth in
> which policies are written by web services and lacking in
> cryptographically strong protections.