Policy-hiding Access Control in Open Environment Policy-hiding Access Control in Open Environment *
نویسندگان
چکیده
In Trust Management and attribute-based access control systems, access control decisions are based on the attributes (rather than the identity) of the requester: Access is granted if Alice’s attributes in her certificates satisfy Bob’s access policy. In this paper, we develop a policy-hiding access control scheme that protects both sensitive attributes and sensitive policies. That is, Bob can decide whether Alice’s certified attribute values satisfy Bob’s policy, without Bob learning any other information about Alice’s attribute values or Alice learning Bob’s policy. To enable policy-hiding access control, we introduce the notion of Certified Input Private Policy Evaluation (CIPPE). Our construction for CIPPE uses Yao’s scrambled circuit protocol and two new techniques introduced in this paper. One novel technique is constructing circuits with uniform topology that can compute arbitrary functions in a family. The other technique is Committed-Integer-based Oblivious Transfer.
منابع مشابه
A semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
متن کاملEfficient Inference Control for Open Relational Queries
We present a control mechanism for preserving confidentiality in relational databases under open queries. This mechanism is based on a reduction of costly inference control to efficient access control that has recently been developed for closed database queries. Our approach guarantees that secrets being declared in form of a confidentiality policy are not disclosed to database users even if th...
متن کاملAccess and Mobility Policy Control at the Network Edge
The fifth generation (5G) system architecture is defined as service-based and the core network functions are described as sets of services accessible through application programming interfaces (API). One of the components of 5G is Multi-access Edge Computing (MEC) which provides the open access to radio network functions through API. Using the mobile edge API third party analytics applications ...
متن کاملAutomated Certification of Authorisation Policy Resistance
Attribute-based Access Control (ABAC) extends traditional Access Control by considering an access request as a set of pairs attribute name-value, making it particularly useful in the context of open and distributed systems, where security relevant information can be collected from different sources. However, ABAC enables attribute hiding attacks, allowing an attacker to gain some access by with...
متن کاملDecentralizing Policy-Hiding Attribute-Based Encryption
Attribute-based encryption (ABE) enables limiting access to encrypted data to users who possess certain attributes. Different aspects of ABE have been studied, such as the multi-authority setting (MA-ABE), and policy hiding, meaning the access policy is unknown to unauthorized parties, as in predicate encryption (PE). However, no practical scheme so far provided both properties, which are often...
متن کامل