Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

1 1 1 1
1 1
Reset filters

Settings
Now showing 1 - 2 of 2
  • Publication
    Building trust in data spaces
    ( 2022)
    Huber, Monika
    ;
    Wessel, Sascha
    ;
    Brost, Gerd
    ;
    Menz, Nadja
    Data is becoming increasingly valuable and must be protected. At the same time, data becomes an economic asset and companies can benefit from exchanging data with each other. The International Data Spaces enable companies to share data while ensuring data sovereignty and security. Data providers can keep control over the processing of their data by utilizing usage control policies, including the verification that these usage control policies are enforced by the data consumer. For this, data processing devices, called connectors, must prove their identity and the integrity of their software stack and state. In this chapter, we present the overall security concept for building trust in data spaces enabling data sovereignty and usage control enforcement. The concept builds on a certification process for components and operational environments utilizing the multiple eye principle. This process is technically mapped to a public key infrastructure providing digital certificates for connector identities and software signing. Finally, the third building block is the architecture and system security of the connectors where usage control must be enforced, the identity and integrity of other connectors and their software stack and state must be verified, and the actual data processing happens.
  • Publication
    An architecture for trusted PaaS cloud computing for personal data
    ( 2014)
    González-Manzano, Lorena
    ;
    Brost, Gerd
    ;
    Aumueller, Matthias
    Cloud computing (CC) has gained much popularity. Large amounts of data, many of them personal, are consumed by CC services. Yet, data security and, derived from that, privacy are topics that are not satisfyingly covered. Especially usage control and data leakage prevention are open problems. We propose the development of a trusted Platform as a Service CC architecture that addresses selected Data security and privacy threats (Data breaches, Insecure interfaces and APIs, Malicious insiders of service providers and Shared technology vulnerabilities). Services that consume personal data and are hosted in the proposed architecture are guaranteed to handle these data according to users' requirements. Our proof of concept shows the feasibility of implementing the presented approach.