Your cloud in my company: Modern rights management services revisited
Grothe M, Rösler P, Jupke J, Kaiser J, Mainka C, Schwenk J (2016)
Publication Type: Conference contribution
Publication year: 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages Range: 217-222
Conference Proceedings Title: Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016
Event location: Salzburg
ISBN: 9781509009909
DOI: 10.1109/ARES.2016.69
Abstract
We provide a security analysis of modern Enterprise Rights Management (ERM) solutions and reveal security threats. We first take a look on Microsoft Azure, and discuss severe attack surfaces that companies enabling Azure in their own trusted infrastructure have to take care of. In addition, we analyze Tresorit, one of the most frequently used End-to-End encrypted cloud storage systems. Tresorit can use Azure and its Rights Management Services (RMS) module as an additional security layer: a user should be able to either trust Tresorit or Azure. Our systematic evaluation reveals a serious breach to their security architecture: we show that the whole security of Tresorit RMS relies on Tresorit being trusted, independent of trusting Azure.
Authors with CRIS profile
Involved external institutions
Germany (DE)How to cite
APA:
Grothe, M., Rösler, P., Jupke, J., Kaiser, J., Mainka, C., & Schwenk, J. (2016). Your cloud in my company: Modern rights management services revisited. In Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016 (pp. 217-222). Salzburg, AT: Institute of Electrical and Electronics Engineers Inc..
MLA:
Grothe, Martin, et al. "Your cloud in my company: Modern rights management services revisited." Proceedings of the 11th International Conference on Availability, Reliability and Security, ARES 2016, Salzburg Institute of Electrical and Electronics Engineers Inc., 2016. 217-222.
BibTeX: Download