In the digital age, where the Internet connects things across the globe and individuals are constantly online, data security and privacy are becoming key drivers (and barriers) of change for adoption of innovative solutions. Traditional approaches, whereby communication links are secured by means of encryption, and access control is run in a static way by a centralised authority, are showing their limits when applied to massive-scale, interconnected and distributed systems. Regulations, while still fragmented, are moving to adapt to changes in technology and society, with the aim to protect confidential information by governments, businesses, and individual citizens. In this landscape, proper mechanisms should be defined to allow a strict control over the data life-cycle and to guarantee the privacy and the application of specific regulations on personal information's disclosure, usage and access. Sticky policies represent one approach to improve owners' control over their data. In such an approach, machine-readable policies are attached to data. They are called 'sticky' in that they travel together with data, as data travels across multiple administrative domains. In this article we survey the state-of-the-art in sticky policies, discussing limitations, open issues, applications and research challenges, with a specific focus on their applicability to Internet of Things, cloud computing and Content Centric Networking.

Sticky Policies: A Survey

Rizzardi, Alessandra;Sicari, Sabrina
;
Coen-Porisini, Alberto
2020-01-01

Abstract

In the digital age, where the Internet connects things across the globe and individuals are constantly online, data security and privacy are becoming key drivers (and barriers) of change for adoption of innovative solutions. Traditional approaches, whereby communication links are secured by means of encryption, and access control is run in a static way by a centralised authority, are showing their limits when applied to massive-scale, interconnected and distributed systems. Regulations, while still fragmented, are moving to adapt to changes in technology and society, with the aim to protect confidential information by governments, businesses, and individual citizens. In this landscape, proper mechanisms should be defined to allow a strict control over the data life-cycle and to guarantee the privacy and the application of specific regulations on personal information's disclosure, usage and access. Sticky policies represent one approach to improve owners' control over their data. In such an approach, machine-readable policies are attached to data. They are called 'sticky' in that they travel together with data, as data travels across multiple administrative domains. In this article we survey the state-of-the-art in sticky policies, discussing limitations, open issues, applications and research challenges, with a specific focus on their applicability to Internet of Things, cloud computing and Content Centric Networking.
2020
https://ieeexplore.ieee.org/document/8807248
Security, Privacy, Sticky Policy
Miorandi, Daniele; Rizzardi, Alessandra; Sicari, Sabrina; Coen-Porisini, Alberto
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11383/2080528
 Attenzione

L'Ateneo sottopone a validazione solo i file PDF allegati

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 12
  • ???jsp.display-item.citation.isi??? 7
social impact