Date of Award


Degree Name

Doctor of Philosophy


Computer Science

First Advisor

Dr. Leszek T. Lilien


Protecting confidentiality of shared sensitive data requires satisfying conflicting needs for disseminating data and preventing unauthorized data disclosures. We propose a solution named the active bundles scheme for protecting sensitive data from their disclosures to unauthorized parties during their dissemination. The scheme protects data throughout their entire lifecycle, from data creation through their dissemination to their evaporation or apoptosis (a partial or complete self-destruction, respectively).

An active bundle packages together sensitive data, metadata, and a virtual machine (VM) specific to the bundle. Metadata contain information related to the use of data, including data access control and dissemination policies. A VM controls all activities of its active bundle, and enforces the policies specified by metadata. Implementing VMs in effective and efficient ways is the key issue for the scheme.

There are seven main contributions of this Thesis. First, we propose the active bundles scheme. Second, we identify and investigate four different VM implementations: (i) using trusted third parties (TTPs), (ii) utilizing mobile agents and their frameworks, (iii) using autonomous applications based on secure computing, and (iv) using autonomous applications based on obfuscated control flow graphs. Third, we show that there are no ii available solutions for protecting confidentiality of code and data carried by mobile agents providing output to visited hosts. Fourth, we build a TTP-based prototype of the active bundle scheme, which demonstrates the practicality of the scheme. Fifth, we prove that there is no universal privacy-homomorphic decryption function, and there exists no universal secure autonomous sequential VM for an encrypted decryption function. Sixth, we pioneer the use of secure computing for program obfuscation. Seventh, we present a sample application of active bundles for identity management in cloud computing.

We believe that these contributions justify our thesis: Data can protect themselves from unauthorized accesses by malicious hosts. This is possible due to two salient features of the active bundle scheme: making data inseparable from associated metadata and VMs, and making data active; that is, able to protect themselves from unauthorized disclosures.

Access Setting

Dissertation-Open Access