Author:
Mikko Kiviharju
Affiliation:
Finnish Defence Research Agency, Finland
Keyword(s):
MLS, RBAC, CBIS, ABE, Cryptography, Access Control Models.
Related
Ontology
Subjects/Areas/Topics:
Access Control
;
Applied Cryptography
;
Cryptographic Techniques and Key Management
;
Data and Application Security and Privacy
;
Data Engineering
;
Data Integrity
;
Databases and Data Security
;
Information and Systems Security
;
Internet Technology
;
Security and Privacy in Pervasive/Ubiquitous Computing
;
Web Information Systems and Technologies
Abstract:
Role-based access control (RBAC) is the de facto access control model used in current information systems. Cryptographic access control (CAC), on the other hand, is an implementation paradigm intended to enforce AC-policies cryptographically. CAC-methods are also attractive in cloud environments due to their distributed and offline nature of operation. Combining the capabilities of both RBAC and CAC fully seems elusive, though. This paper studies the feasibility of implementing RBAC with respect to write-permissions using a recent type of cryptographic schemes called attribute-based signatures (ABS), which fall under a concept called functional cryptography. We map the functionalities and elements of RBAC to ABS elements and show a sample XACML-based architecture, how signature generation and verification conforming to RBAC-type processes could be implemented.