In this paper we consider the problem of protecting files, possibly stored using remote storage services, on a device running different and independent third party applications. We present a general architecture that, by exploiting the inherent security of Trusted Execution Environments, and by requiring minimal secure storage onboard the device, is able to provide a general purpose, distributed storage system that allows the cooperation among different applications domains. Our system exposes APIs that can be invoked by other trusted applications, using the standard TEE IPC. Furthermore, we discuss a middleware that allows legacy applications to transparently access secured files.
Improving Interoperability in Multi-domain Enterprise Right Management Applications
Catuogno L.;
2020-01-01
Abstract
In this paper we consider the problem of protecting files, possibly stored using remote storage services, on a device running different and independent third party applications. We present a general architecture that, by exploiting the inherent security of Trusted Execution Environments, and by requiring minimal secure storage onboard the device, is able to provide a general purpose, distributed storage system that allows the cooperation among different applications domains. Our system exposes APIs that can be invoked by other trusted applications, using the standard TEE IPC. Furthermore, we discuss a middleware that allows legacy applications to transparently access secured files.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.