The Release Of Sensitive Data In The Network Environment And Management,

Considering the sensitivity problems occurred in an open network environment and security requirement for publish and management of sensitive data, we propose a security framework for publish and manage sensitive data in a network environment, based on our research on publishing data between strangers and secure storage in database system. We integrate the trust negotiation mechanism and database encryption technology into this security framework, which provides sufficient protection for storage, publish and management of sensitive data.To authenticate a trustable stranger, entities in a same security domain utilize the identity based authentication mechanism in a conventional way. Trust negotiation mechanism extends it to an attribute based authentication mechanism in an open network environment. This mechanism incrementally builds trust by iteratively disclosing digital credentials that contain attributes of the negotiating participants. And it solves the problems of publishing sensitive data between strangers.Database encryption is a crucial technique in the security mechanisms of database. However, Current techniques of sharing the keys and the encrypted data for databases are neither convenient nor flexible in the real applications. Inspired by the PGP technique, we propose a novel database encryption scheme for enhanced data sharing inside a database, while preserving data privacy. It is characterized by both the fast speed of the conventional encryption and the convenience of key distribution of public key encryption. It also provides secured storage for sensitive data and effective key management. The scheme has been implemented and successfully applied on Oscar V5.1, a DBMS developed for aerospace application.This thesis probes into some critical techniques which are involved in our secure framework, and discusses some design and implementation issues in detail.