Your Cloud in My Company: Modern Rights Management Services Revisited

We provide a security analysis of modern Enterprise Rights Management (ERM) solutions and reveal security threats. We first take a look on Microsoft Azure, and discuss severe attack surfaces that companies enabling Azure in their own trusted infrastructure have to take care of. In addition, we analy...

Full description

Saved in:
Bibliographic Details
Published in2016 11th International Conference on Availability, Reliability and Security (ARES) pp. 217 - 222
Main Authors Grothe, Martin, Mainka, Christian, Rosler, Paul, Jupke, Johanna, Kaiser, Jan, Schwenk, Jorg
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.08.2016
Subjects
Azure
Cloud
Cloud computing
Companies
Copyright protection
Cryptography
ERM
RMS
Servers
Tresorit
Online AccessGet full text

Cover

More Information
Summary:We provide a security analysis of modern Enterprise Rights Management (ERM) solutions and reveal security threats. We first take a look on Microsoft Azure, and discuss severe attack surfaces that companies enabling Azure in their own trusted infrastructure have to take care of. In addition, we analyze Tresorit, one of the most frequently used End-to-End encrypted cloud storage systems. Tresorit can use Azure and its Rights Management Services (RMS) module as an additional security layer: a user should be able to either trust Tresorit or Azure. Our systematic evaluation reveals a serious breach to their security architecture: we show that the whole security of Tresorit RMS relies on Tresorit being trusted, independent of trusting Azure.
DOI:10.1109/ARES.2016.69