New Article: Cryptographic Enforcement of Segregation of Duty

by Thomas Maus

Workflows with Segregation-of-Duty requirements or involving multiple parties with non-aligned interests (typically mutually distrustful) pose interesting challenges in often neglected security dimensions.
Cryptographic approaches are presented to technically enforce strict auditability, traceability and multi-party authorized access control, and thus also enable exoneration from allegations.
These ideas are illustrated by challenging examples - constructing various checks and balances for Telecommunications data retention, a vividly discussed and widely known issue.

The article can be found at http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_057_Maus_Segregation.pdf