Collaborative Computing: Networking, Applications and Worksharing. 4th International Conference, CollaborateCom 2008, Orlando, FL, USA, November 13-16, 2008, Revised Selected Papers

Research Article

Protecting Sensitive Information in Directory Services Using Virtual Directories

Download
459 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-03354-4_19,
        author={William Claycomb and Dongwan Shin},
        title={Protecting Sensitive Information in Directory Services Using Virtual Directories},
        proceedings={Collaborative Computing: Networking, Applications and Worksharing. 4th International Conference, CollaborateCom 2008, Orlando, FL, USA, November 13-16, 2008, Revised Selected Papers},
        proceedings_a={COLLABORATECOM},
        year={2012},
        month={5},
        keywords={Access controls Cryptographic controls Data encryption Public key cryptosystems Privacy Information resource management Data dictionary/directory},
        doi={10.1007/978-3-642-03354-4_19}
    }
    
  • William Claycomb
    Dongwan Shin
    Year: 2012
    Protecting Sensitive Information in Directory Services Using Virtual Directories
    COLLABORATECOM
    Springer
    DOI: 10.1007/978-3-642-03354-4_19
William Claycomb1,*, Dongwan Shin2,*
  • 1: Sandia National Laboratories
  • 2: New Mexico Tech
*Contact email: wrclayc@sandia.gov, doshin@nmt.edu

Abstract

Directory services are commonly used to store information related to individuals, and often act as a source for security services, such as authentication and access control, in collaborative applications within/across organizations. Hence, there is an urgent need to protect the sensitive information they contain. Existing solutions offer minimal protection against insider attacks, a growing threat to both government and industry data services. In this paper we present a solution for data protection that leverages virtual directories and data encryption to provide a user-centric approach to data protection, delegation, and collaboration. A security architecture is presented, along with the discussion of the benefits and vulnerabilities of our approach. We also discuss a proof-of-concept implementation and performance testing results.