Security mechanisms for content distribution networks
Abstract
Securing data is becoming a crucial need for most internet-based applications. In this research, we investigate security mechanisms for content distribution networks. We address the problem of how to ensure that data, when moving among different parties, are modified only according to the stated policies. We cast our solution in supporting parallel and distributed secure updates to XML documents. The approach, based on the use of a security region-object parallel flow (S-RPF) graph protocol, allows different users to simultaneously update different portions of the same document, according to the specified access control policies. It ensures data confidentiality and integrity. Additionally, it supports a decentralized management of update operations in that a subject can exercise its privileges and verify the correctness of the operations performed so far on the document without interacting, in most of the cases, with the document server. We then extend our document update application into Byzantine and failure prone systems by removing the trusted party which is responsible for recovery of the document. We have developed an approach which uses a group of delegates for recovering documents. Many optimizations have been provided. We improve previous solutions by proposing a scalable distributed protocol which uses cryptographic techniques to provide dynamic group communications, participating anonymity and completeness, and privacy on access privileges. Other security problems such as confidentiality and availability are also investigated in the application of content-based publish/subscribe (pub/sub) systems. We propose a hierarchical event forwarding scheme which increases system availability by tolerating some broker failures. Our approach can efficiently determine the subscription groups to which an event must be delivered by exploiting locality. Moreover, we propose an efficient encryption scheme, under which a broker encrypts an event only once. The encryption key can be efficiently derived by subscribers, even though they may belong to different subscription groups.
Degree
Ph.D.
Advisors
Bertino, Purdue University.
Subject Area
Computer science
Off-Campus Purdue Users:
To access this dissertation, please log in to our
proxy server.