• DocumentCode
    2993865
  • Title

    Cryptographically Enforced RBAC

  • Author

    Ferrara, Anna Lisa ; Fuchsbauer, Georg ; Warinschi, Bogdan

  • Author_Institution
    Univ. of Bristol, Bristol, UK
  • fYear
    2013
  • fDate
    26-28 June 2013
  • Firstpage
    115
  • Lastpage
    129
  • Abstract
    Cryptographic access control promises to offer easily distributed trust and broader applicability, while reducing reliance on low-level online monitors. Traditional implementations of cryptographic access control rely on simple cryptographic primitives whereas recent endeavors employ primitives with richer functionality and security guarantees. Worryingly, few of the existing cryptographic access-control schemes come with precise guarantees, the gap between the policy specification and the implementation being analyzed only informally, if at all. In this paper we begin addressing this shortcoming. Unlike prior work that targeted ad-hoc policy specification, we look at the well-established Role-Based Access Control (RBAC) model, as used in a typical file system. In short, we provide a precise syntax for a computational version of RBAC, offer rigorous definitions for cryptographic policy enforcement of a large class of RBAC security policies, and demonstrate that an implementation based on attribute-based encryption meets our security notions. We view our main contribution as being at the conceptual level. Although we work with RBAC for concreteness, our general methodology could guide future research for uses of cryptography in other access-control models.
  • Keywords
    access control; cryptography; RBAC security policy; access-control model; ad-hoc policy specification; attribute-based encryption; cryptographic access control; cryptographically enforced RBAC; role-based access control model; Access control; Computational modeling; Cryptography; Games; Medical services; Monitoring; Attribute-Based Encryption; Role-Based Access Control; Security Model;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Foundations Symposium (CSF), 2013 IEEE 26th
  • Conference_Location
    New Orleans, LA
  • Type

    conf

  • DOI
    10.1109/CSF.2013.15
  • Filename
    6595824