Attribute-based encryption for fine-grained access control of encrypted data
In Proc. of ACMCCS’06, 2006
Cited by 522 (23 self)
As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumes Hierarchical Identity-Based Encryption (HIBE).
Ciphertext-policy attribute-based encryption
In Proceedings of the IEEE Symposium on Security and Privacy (To Appear), 2007
Automated trust negotiation
In DARPA Information Survivability Conference and Exposition, volume I, 2000
Cited by 241 (18 self)
Exchange of attribute credentials is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive information during this process. It treats credentials as potentially sensitive resources, access to which is under policy control. Negotiations that correctly enforce policies have been called “safe” in the literature. Prior work on ATN lacks an adequate definition of this safety notion. In large part, this is because fundamental questions such as “what needs to be protected in ATN?” and “what are the security requirements?” are not adequately answered. As a result, many prior methods of ATN have serious security holes. We introduce a formal framework for ATN in which we give precise, usable, and intuitive definitions of correct enforcement of policies in ATN. We argue that our chief safety notion captures intuitive security goals. We give precise comparisons of this notion with two alternative safety notions that may seem intuitive, but that are seen to be inadequate under closer inspection. We prove that an approach to ATN from the literature meets the requirements set forth in the preferred safety definition, thus
Achieving secure, scalable, and fine-grained data access control in cloud computing
In Proc. of IEEE INFOCOM, 2010
Cited by 133 (8 self)
Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.
Secure Context-sensitive Authorization
Journal of Pervasive and Mobile Computing, 2005
Cited by 35 (6 self)
There is a recent trend toward rule-based authorization systems to achieve flexible security policies. Also, new sensing technologies in pervasive computing make it possible to define context-sensitive rules, such as “allow database access only to staff who are currently located in the main office.” However, these rules, or the facts that are needed to verify authority, often involve sensitive context information. This paper presents a secure context-sensitive authorization system that protects confidential information in facts or rules. Furthermore, our system allows multiple hosts in a distributed environment to perform the evaluation of an authorization query in a collaborative way; we do not need a universally trusted central host that maintains all the context information. The core of our approach is to decompose a proof for making an authorization decision into a set of sub-proofs produced on multiple different hosts, while preserving the integrity and confidentiality policies of the mutually untrusted principals operating these hosts. We prove the correctness of our algorithm.
Authorisation and conflict resolution for hierarchical domains
In Proc. IEEE Int. Workshop on Policies for Distributed Systems and Networks, 2007
Cited by 21 (8 self)
In this paper we generalise the authorisation policy model supported by the Ponder policy language for hierarchically organised domains of managed objects to support subject-based policies and return policies. We describe the authorisation conflicts that can occur and present a strategy to automatically resolve them. In our model each action has four endpoints: the subject call, the subject return, the target call and the target return. Each endpoint can have an associated policy which is used to define constraints on which subjects are permitted to call which targets, and what is permitted to be transferred between subjects and targets. Subject-based policies aim to protect the subject from untrusted targets, while target-based policies aim to protect the target from unauthorised subjects. Subject-based policies are defined for and enforced by the subject’s PEP, while target-based policies are defined for and enforced by the target’s PEP. Although subject-based and target-based policies are separated, they can be uniformly specified in our framework.
The Traust authorization service
of 5 Research Statement, 2007
Cited by 19 (2 self)
In recent years, trust negotiation has been proposed as a novel authorization solution for use in open-system environments, in which resources are shared across organizational boundaries. Researchers have shown that trust negotiation is indeed a viable solution for these environments by developing a number of policy languages and strategies for trust negotiation that have desirable theoretical properties. Further, existing protocols, such as TLS, have been altered to interact with prototype trust negotiation systems, thereby illustrating the utility of trust negotiation. Unfortunately, modifying existing protocols is often a time-consuming and bureaucratic process that can hinder the adoption of this promising technology. In this paper, we present Traust, a third-party authorization service that leverages the strengths of existing prototype trust negotiation systems. Traust acts as an authorization broker that issues access tokens for resources in an open system after entities use trust negotiation to satisfy the appropriate resource access policies. The Traust architecture was designed to allow Traust to be integrated either directly with newer trust-aware applications or indirectly with existing legacy applications; this flexibility paves the way for the incremental adoption of trust negotiation technologies without requiring widespread software or protocol upgrades. We discuss
Safety and consistency in policy-based authorization systems
In Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006
Cited by 13 (5 self)
In trust negotiation and other distributed proving systems, networked entities cooperate to form proofs that are justified by collections of certified attributes. These attributes may be obtained through interactions with any number of external entities and are collected and validated over an extended period of time. Though these collections of credentials in some ways resemble partial system snapshots, these systems currently lack the notion of a consistent global state in which the satisfaction of authorization policies should be checked. In this paper, we argue that unlike the notions of consistency studied in other areas of distributed computing, the level of consistency required during policy evaluation is predicated solely upon the security requirements of the policy evaluator. As such, there is little incentive for entities to participate in complicated consistency preservation schemes like those used in distributed computing, distributed databases, and distributed shared memory. We go on to show that the most intuitive notion of consistency fails to provide basic safety guarantees under certain circumstances and then propose several more refined notions of consistency which provide stronger safety guarantees. We provide algorithms that allow each of these refined notions of consistency to be attained in practice with minimal overheads.
Towards an efficient and language-agnostic compliance checker for trust negotiation systems
In Proceedings of the Third ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2008
Cited by 12 (8 self)
To ensure that a trust negotiation succeeds whenever possible, authorization policy compliance checkers must be able to find all minimal sets of their owners’ credentials that can be used to satisfy a given policy. If all of these sets can be found efficiently prior to choosing which set should be disclosed, many strategic benefits can also be realized. Unfortunately, solving this problem using existing compliance checkers is too inefficient to be useful in practice. Specifically, the overheads of finding all satisfying sets using existing approaches have been shown to rapidly grow exponentially in the size of the union of all satisfying sets of credentials for the policy, even after optimizations have been made to prune the search space for potential satisfying sets. In this paper, we describe the Clouseau compliance checker. Clouseau leverages efficient pattern-matching algorithms to find all satisfying sets of credentials for a given policy in time that grows as O(NA), where N is the number of satisfying sets for the policy and A is the average size of each satisfying set. We describe the design and implementation of the Clouseau compliance checker, evaluate its performance as the number and size of satisfying sets for a given policy varies, and show that it vastly outperforms existing approaches to finding all satisfying sets of credentials. We then present a method for automatically compiling RT policies into a format suitable for analysis by Clouseau and prove the correctness and completeness of this compilation procedure.
Interactive access control for autonomic systems
Unpublished doctoral dissertation, 2005
Cited by 11 (4 self)
Autonomic communication and computing is a new paradigm for dynamic service integration over a network. An autonomic network crosses organizational and management boundaries and is provided by entities that see each other just as partners. For many services no autonomic partner may guess a priori what will be sent by clients nor clients know a priori what credentials are required to access a service. To address this problem we propose a new interactive access control: servers should interact with clients, asking for missing credentials necessary to grant access, whereas clients may supply or decline the requested credentials. Servers evaluate their policies and interact with clients until a decision of grant or deny is taken. This proposal is grounded in a formal model on policy-based access control. It identifies the formal reasoning services of deduction, abduction and consistency. Based on them, the work proposes a comprehensive access control framework for autonomic systems. An implementation of the interactive model is given followed by system performance evaluation.