Title :
Matchbox: secure data sharing
Author :
Goldman, Kenneth ; Valdez, Enriquillo
Author_Institution :
IBM Thomas J. Watson Res. Center, Hawthorne, NY, USA
Abstract :
Homeland security requires that organizations share sensitive data, but both suppliers and users must typically restrict data access for security, legal, or business reasons. Matchbox database servers provide highly secure, fine-grained access control using digitally cosigned contracts to enforce sharing restrictions. To handle security operations, Matchbox uses the tamper-responding, programmable IBM 4758 cryptographic coprocessor. Matchbox servers can be distributed on a network for high availability, and parties can communicate with Matchbox over public networks - including hostile environments with untrusted hardware, software, and administrators.
Keywords :
Internet; authorisation; coprocessors; cryptography; information retrieval; query processing; Matchbox database server; data access; digitally cosigned contract; fine-grained access control; homeland security; hostile environment; matchbox secure data sharing; programmable IBM 4758 cryptographic coprocessor; share sensitive data; tamper-responding; Access control; Contracts; Data security; Databases; File servers; Law; Legal factors; National security; Network servers; Terrorism; 65; Access controls; Authentication; Cryptographic controls; Data encryption; Data mining; Database management; Database security; Infrastructure protection; Network-level security and protection; Public key cryptosystems; Security and privacy protection;
Journal_Title :
Internet Computing, IEEE
DOI :
10.1109/MIC.2004.68
