Abstract
Sharing e-documents are important components of any enterprise workflow. Keeping these e-documents secure is fundamental to enterprise security, especially in multi-site enterprises or when sharing e-documents with third party. For that purpose, enterprises use document management software. However, document leakage is the most challenging security issue. These leaks are mainly caused by internal attack wither intentional or due to accident and employee ignorance. After exploring the landscape of the current e-document sharing security issues, this chapter proposes a framework to address these issues. The proposed framework is adapting current technologies in new novel approach to deliver a secure environment to share e-documents and track them. The confirmed framework secures documents not only inside the enterprise, but also when they leave the enterprise boundaries via networks or portable devices. As the author’s knowledge extends, there is no other work similar to what this paper provide regarding proposing such a framework. The framework provides a persistent and secure environment through the e-document life cycle and ability to track the document. The framework components design is based on analysing the literature of the current issues and available solutions. These components were confirmed after surveying security professionals and interviewing fourteen security experts. The framework includes components utilising active document concept, digital right management concept, context awareness, and a central certification authority service.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Aaber, Z.S., et al.: Preventing document leakage through active document. In: 2014 World Congress on Internet Security, WorldCIS 2014, pp. 53–58 (2014)
Aaber, Z.S., et al.: Towards a framework for securing a document outside an organisational firewall. In: Proceedings of the International Conference on Cloud Computing Technology and Science, CloudCom, pp. 1057–1062 (2015)
Abiteboul, S., Bourhis, P., Marinoiu, B.: Efficient maintenance techniques for views over active documents. In: Proceedings of the 12th International Conference on Extending Database Technology Advances in Database Technology – EDBT 2009, p. 1076. ACM Press, New York (2009)
Bhattacherjee, A.: Social Science Research: Principles, Methods, and Practices (2012)
Bossi, A., et al.: Verifying persistent security properties. Comput. Lang. Syst. Struct. Spec. Issue 30(3–4), 231–258 (2004)
Chang, V., Ramachandran, M.: Towards achieving data security with the cloud computing adoption framework. IEEE Trans. Serv. Comput. 9(1), 138–151 (2016)
Nam, C.-K., Bae, J.-H.J.: A framework for processing active documents. In: Proceedings of 6th Russian-Korean International Symposium on Science and Technology KORUS-2002 (Cat. No.,02EX565), pp. 122–125. IEEE (2002)
Dourish, P., Edwards, W.K., et al.: A programming model for active documents. In: Proceedings of the 13th Annual ACM Symposium on User Interface Software and Technology - UIST 2000, pp. 41–50. ACM Press, New York (2000a)
Dourish, P., Edwards, W.K., et al.: Extending document management systems with user-specific active properties. ACM Trans. Inf. Syst. 18(2), 140–170 (2000b)
Dourish, P.: The appropriation of interactive technologies: some lessons from placeless documents. Comput. Support. Coop. Work (CSCW) 12(4), 465–490 (2003)
Faul, F., et al.: Statistical power analyses using G*Power 3.1: tests for correlation and regression analyses. Behav. Res. Methods 41(4), 1149–1160 (2009)
Giampaolo, D.: Practical File System Design with the Be File System, 1st edn. Morgan Kaufmann, San Mateo (1999)
Greatrex, J.: Bungling West Midlands medics lose 12,000 private patient records-Birmingham mail. Sunday Mercury (2010)
Jupp, V.: The SAGE Dictionary of Social Research Methods. SAGE Publications Ltd., London (2006)
Kumar, C.D. Tech, M.: Use of Secure Distributed Online Certification Authority, 2(1) (2012)
LaMarca, A., Edwards, W., Dourish, P.: Taking the work out of workflow: mechanisms for document-centered collaboration. ECSCW 1999, September, pp. 12–16 (1999)
Lee, H., et al.: New approach for detecting leakage of internal information; using emotional recognition technology. TIIS 9(11), 4662–4680 (2015)
Lorch, M., et al.: First experiences using XACML for access control in distributed systems. In: Proceedings of the 2003 ACM Workshop on XML Security XMLSEC 2003, 47(C), p. 25 (2003)
Loren, M.K.: Toward a practical public-key cryptosystem. Unpublished doctoral dissertation, Department of Electrical Engineering, Massachusetts Institute of Technology, Cambridge (1978)
Manasdeep: Information rights management implementation and challenges, Mumbai (2012)
Metula, E.: NET Framework Rootkits: Backdoors Inside Your Framework. BlackHat, Amsterdam (2009)
Munier, M., Lalanne, V., Ardoy, P.-Y., Ricarde, M.: Legal issues about metadata data privacy vs information security. In: Garcia-Alfaro, J., Lioudakis, G., Cuppens-Boulahia, N., Foley, S., Fitzgerald, W.M. (eds.) DPM/SETOP-2013. LNCS, vol. 8247, pp. 162–177. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54568-9_11
Munier, M., Lalanne, V., Ricarde, M.: Self-protecting documents for cloud storage security. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 1231–1238. IEEE (2012)
Nam, C., Lim, J., Kang, I.: Declarative development of web applications with active documents. In: 2004 Proceedings of the 8th Russian-Korean International Symposium on Science and Technology, KORUS 2004, pp. 68–72. IEEE (2004)
Neumann, C.P., Lenz, R.: The alpha-flow use-case of breast cancer treatment - modeling inter-institutional healthcare workflows by active documents. In: 2010 19th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises, pp. 17–22. IEEE (2010)
Quint, V., Vatton, I.: Making structured documents active. Electron. Publ. 7(November 1993), 55–74 (1994)
Randazzo, M.R., et al.: Insider threat study: Illicit cyber activity in the banking and finance sector (2005). http://www.dtic.mil/cgi-bin/GetTRDoc?Location=U2&doc=GetTRDoc.pdf&AD=ADA441249
Recker, J.: Scientific Research in Information Systems: A Beginner’s Guide. Springer, Heidelberg (2013)
Richter, J., Cabrera, L.F.: A File System for the 21st Century: Previewing the Windows NT 5.0 File System-Many programming tasks will be simplified by innovations in NTFS, the Windows NT 5.0 file system. Microsoft Systems Journal-US Edn., pp. 19–36 (1998)
Rizzo, L.: Effective erasure codes for reliable computer communication protocols. SIGCOMM Comput. Commun. Rev. 27(2), 24–36 (1997)
Smallwood, R.: Safeguarding Critical E-Documents: Implementing a Program for Securing Confidential Information Assets. Wiley, Hoboken (2012)
Software Engineering Institute: 2012 CyberSecurity Watch Survey (2013a). http://resources.sei.cmu.edu/asset_files/Presentation/2013_017_101_57766.pdf
Software Engineering Institute: 2013 US State of Cybercrime Survey (2013b). http://resources.sei.cmu.edu/asset_files/Presentation/2013_017_101_58739.pdf
Van Tassel, J.: Digital Rights Management. Elsevier Inc., Oxford (2006)
The Department for Business Innovation and Skills: Information Security Breaches Survey 2014: Technical report (2014). https://www.gov.uk/government/publications/information-security-breaches-survey-2014
Todorova, A., Neumann, C.: alpha-Props: a rule-based approach to “active properties” for document-oriented process support in inter-institutional environments. In: Lecture Notes in Informatics (LNI) (2011)
Wilbur, S., et al.: Secure automated document delivery. In: 1989 Fifth Annual Proceedings of Computer Security Applications Conference, pp. 348–356 (1989)
Zhou, L., Schneider, F.B., Van Renesse, R.: COCA: a secure distributed online certification authority. ACM Trans. Comput. Syst. 20(4), 329–368 (2002)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Aaber, Z.S., Wills, G.B., Crowder, R.M. (2017). Protecting Document Outside Enterprise Network: A Confirmed Framework. In: Chang, V., Ramachandran, M., Walters, R., Wills, G. (eds) Enterprise Security. ES 2015. Lecture Notes in Computer Science(), vol 10131. Springer, Cham. https://doi.org/10.1007/978-3-319-54380-2_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-54380-2_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54379-6
Online ISBN: 978-3-319-54380-2
eBook Packages: Computer ScienceComputer Science (R0)