RBAC with ABS: Implementation practicalities for RBAC integrity policies

Role-based access control (RBAC) is the de facto access control model used in current information systems. Cryptographic access control (CAC), on the other hand, is an implementation paradigm intended to enforce AC-policies cryptographically. CAC-methods are also attractive in cloud environments due to their distributed and offline nature of operation. Combining the capabilities of both RBAC and CAC fully seems elusive, though. This paper studies the feasibility of implementing RBAC with respect to write-permissions using a recent type of cryptographic schemes called attribute-based signatures (ABS), which fall under a concept called functional cryptography. We map the functionalities and elements of RBAC to ABS elements and show a sample XACML-based architecture, how signature generation and verification conforming to RBAC-type processes could be implemented.