RBAC with ABS - Implementation Practicalities for RBAC Integrity Policies

Mikko Kiviharju

2014

Abstract

Role-based access control (RBAC) is the de facto access control model used in current information systems. Cryptographic access control (CAC), on the other hand, is an implementation paradigm intended to enforce AC-policies cryptographically. CAC-methods are also attractive in cloud environments because they operate in a distributed and offline manner. Combining the capabilities of both RBAC and CAC fully seems elusive, though. This paper studies the feasibility of implementing RBAC with respect to write-permissions using a recent type of cryptographic scheme called attribute-based signatures (ABS), which falls under the concept of functional cryptography. We map the functionalities and elements of RBAC to ABS elements and show, via a sample XACML-based architecture, how signature generation and verification conforming to RBAC-type processes could be implemented.

Paper Citation


in Harvard Style

Kiviharju M. (2014). RBAC with ABS - Implementation Practicalities for RBAC Integrity Policies. In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 500-509. DOI: 10.5220/0005122105000509


in Bibtex Style

@conference{secrypt14,
author={Mikko Kiviharju},
title={RBAC with ABS - Implementation Practicalities for RBAC Integrity Policies},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={500-509},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005122105000509},
isbn={978-989-758-045-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - RBAC with ABS - Implementation Practicalities for RBAC Integrity Policies
SN - 978-989-758-045-1
AU - Kiviharju M.
PY - 2014
SP - 500
EP - 509
DO - 10.5220/0005122105000509