Secure Data Exchange and Data Leakage Detection in an Untrusted Cloud

  • Denis UlybyshevEmail author
  • Bharat Bhargava
  • Aala Oqab-Alsalem
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 899)


In service-oriented architecture, services can communicate and share data amongst themselves. It is necessary to provide role-based access control for data. In addition, data leakages made by authorized insiders to unauthorized services should be detected and reported back to the data owner. In this paper, we propose a solution that uses role- and attribute-based access control for data exchange among services, including services hosted by untrusted environments. Our approach provides data leakage prevention and detection for multiple leakage scenarios. We also propose a damage assessment model for data leakages. The implemented prototype supports a privacy-preserving exchange of Electronic Health Records that can be hosted by untrusted cloud providers, as well as detecting leakages made by insiders.


Data leakage detection Access control Privacy Cloud security 



This work was funded by the Northrop Grumman Cybersecurity Research Consortium. The prototype was implemented in collaboration with Northrop Grumman and W3C/MIT and presented internally to Northrop Grumman in April 2017. We would like to thank Prof. Leszek Lilien (Purdue University, Western Michigan University) and Harry Halpin (MIT) for their collaboration and valuable feedback. We are also thankful to Miguel Villarreal-Vasquez, Ganapathy Mani, Rohit Ranchal and Savvas Savvides for their help and valuable feedback.


  1. 1.
    Ulybyshev, D., et al.: Privacy-preserving data dissemination in untrusted cloud. In: IEEE CLOUD, pp. 770–773 (2017)Google Scholar
  2. 2.
    Othmane, L.B., Lilien, L.: Protecting privacy in sensitive data dissemination with active bundles. In: 7th Annual Conference on Privacy, Security and Trust (PST 2009), Saint John, New Brunswick, Canada, pp. 202–213, August 2009Google Scholar
  3. 3.
    Ranchal, R.: Cross-domain data dissemination and policy enforcement. Ph.D. thesis, Purdue University (2015)Google Scholar
  4. 4.
    WSO2 Balana Implementation. Accessed Mar 2018
  5. 5.
    ‘WAXEDPRUNE’ prototype demo video, part 1, Accessed Mar 2018
  6. 6.
    Ulybyshev, D., et al.: Secure dissemination of EHR in untrusted cloud, Project Tutorial. Purdue University (2016)Google Scholar
  7. 7.
    Lightweight data-interchange format JSON. Accessed Mar 2018
  8. 8.
    Simmhan, Y.L., Plale, B., Gannon, D.A.: A survey of data provenance in e-science. SIGMOD Rec. 34(3), 31–36 (2005)CrossRefGoogle Scholar
  9. 9.
    Xu, Z.J., Wang, Z.Z., Lu, Q.: Research on image watermarking algorithm based on DCT. J. Procedia Environ. Sci. 10, 1129–1135 (2011)CrossRefGoogle Scholar
  10. 10.
    Ranchal, R., Bhargava, B., Angin, P., Othmane, L.B.: Epics: a framework for enforcing security policies in composite web services. IEEE Trans. Serv. Comput., 1 (2018)Google Scholar
  11. 11.
    Liu, Q., Safavi-Naini, R., Sheppard, N.: Digital rights management for content distribution. In: Proceedings of Australasian Information Security Workshop, pp. 49–58 (2003)Google Scholar
  12. 12.
    Windows media DRM. Accessed Mar 2018
  13. 13.
    Nickolova, M., Nickolov, E.: Hardware-based and software-based security in digital rights management solutions. Int. J. Inf. Technol. Knowl. 2, 163–168 (2008)Google Scholar
  14. 14.
    Othmane, L.B.: Active bundles for protecting confidentiality of sensitive data throughout their lifecycle. Ph. D. thesis, Western Michigan University, Kalamazoo, MI, USA, December 2010Google Scholar
  15. 15.
    W3C Web Cryptography API. Accessed Mar 2018
  16. 16.
    Web authentication: an API for accessing scoped credentials. Accessed Mar 2018
  17. 17.
    ‘WAXEDPRUNE’ prototype demo video, part 2. Accessed Mar 2018
  18. 18.
    Finding or verifying credit card numbers. Accessed Mar 2018
  19. 19.
    Nevase, J., Chougale, P., Shewale, S., Bhosale, P.: Data leakage detection. Imperial J. Interdisc. Res. 3(5), 1232–1236 (2017).
  20. 20.
    Stamati-Koromina, V., Ilioudis, C., Overill, R., Georgiadis, C.K., Stamatis, D.: Insider threats in corporate environments: a case study for data leakage prevention. In: Proceeding of 5th Balkan Conference in Informatics, pp. 271–274 (2012)Google Scholar
  21. 21.
    Kaur, K., Gupta, I., AK, Singh: Data leakage prevention: e-mail protection via gateway. J. Phys: Conf. Ser. 933(1), 012013 (2018)Google Scholar
  22. 22.
    Gupta, I., Singh, A.K.: A probability based model for data leakage detection using bigraph. In: 2007 Proceedings of the 7th International Conference on Communication and Network Security, pp. 1–5. ACM (2017)Google Scholar
  23. 23.
    Bhargava, B.: Secure/resilient systems and data dissemination/provenance. NGCRC Project Technology Final Report. CERIAS, Purdue University, September 2017Google Scholar
  24. 24.
    Sabadra, P., Stamp, M.: The MediaSnap© digital rights management system. In: Proceedings of Conference on Computer Science and its Applications, San-Diego, California (2003)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

  • Denis Ulybyshev
    • 1
    Email author
  • Bharat Bhargava
    • 1
  • Aala Oqab-Alsalem
    • 1
  1. 1.Computer Science Department, CERIASPurdue UniversityWest LafayetteUSA

Personalised recommendations