文档详细内容(约49页)
Our Work >We propose a new policy-based file assured deletion scheme that reliably deletes files of revoked file access policies A generalized version of time-based delete >We implement and evaluate a working prototype of FADE atop Amazon S3 FADE respects REST interface for cloud FADE works feasibly in practice 11
11 Our Work �We propose a new policy-based file assured deletion scheme that reliably deletes files of revoked file access policies • A generalized version of time-based delete �We implement and evaluate a working prototype of FADE atop Amazon S3 • FADE respects REST interface for cloud • FADE works feasibly in practice
Scenarios:Defining Policies >Scenario 1:storing files for permanent employees For each employee (e.g.,Alice),define a user-based policy P:Alice is an employee User-based policy If Alice quits her job,the key manager will remove the control key of policy P 12
12 Scenarios: Defining Policies �Scenario 1: storing files for permanent employees • For each employee (e.g., Alice), define a user-based policy • If Alice quits her job, the key manager will remove the control key of policy P P: Alice is an employee User-based policy
Scenarios:Defining Policies >Scenario 2:storing files for contract-based employees 。 e.g.,Bob's contract expires on 2010-01-01. Define two policies P1:Bob is an employee P2:valid before 2010-01-01 User-based policy Time-based policy Files of Bob are associated with policy combination PAP2 13
13 Scenarios: Defining Policies �Scenario 2: storing files for contract-based employees • e.g., Bob’s contract expires on 2010-01-01. Define two policies • Files of Bob are associated with policy combination P 1 ∧ P 2 P 1: Bob is an employee P 2: valid before 2010-01-01 User-based policy Time-based policy
Scenarios:Defining Policies >Scenario 3:storing files for a team of N employees Each employee i is assigned a policy combination Pi Pi2 P1=policy for employment status Pi2 policy for valid time for access Associate team's files with disjunctive combination (P11AP12)V(P21AP22)V...V (PN1APN2) 14
14 Scenarios: Defining Policies �Scenario 3: storing files for a team of N employees • Each employee i is assigned a policy combination Pi1 ∧ Pi2 • Pi1 = policy for employment status • Pi2 = policy for valid time for access • Associate team’s files with disjunctive combination (P11 ∧ P12) ∨ (P21 ∧ P22) ∨ … ∨ (PN1 ∧ PN2 )
Scenarios:Defining Policies >Scenario 4:switching a cloud provider Define a customer-based policy P:customer of cloud provider X All files outsourced on X are tied with policy P If the company switches to a new cloud provider,it simply revokes policy P 15
15 Scenarios: Defining Policies �Scenario 4: switching a cloud provider • Define a customer-based policy • All files outsourced on X are tied with policy P • If the company switches to a new cloud provider, it simply revokes policy P P: customer of cloud provider X
