DocumentCode :
1398079
Title :
Privacy-Preserving Enforcement of Spatially Aware RBAC
Author :
Kirkpatrick, Michael S. ; Ghinita, Gabriel ; Bertino, Elisa
Author_Institution :
Dept. of Comput. Sci., James Madison Univ., Harrisonburg, VA, USA
Volume :
9
Issue :
5
fYear :
2012
Firstpage :
627
Lastpage :
640
Abstract :
Several models for incorporating spatial constraints into role-based access control (RBAC) have been proposed, and researchers are now focusing on the challenge of ensuring such policies are enforced correctly. However, existing approaches have a major shortcoming, as they assume the server is trustworthy and require complete disclosure of sensitive location information by the user. In this work, we propose a novel framework and a set of protocols to solve this problem. Specifically, in our scheme, a user provides a service provider with role and location tokens along with a request. The service provider consults with a role authority and a location authority to verify the tokens and evaluate the policy. However, none of the servers learn the requesting user's identity, role, or location. In this paper, we define the protocols and the policy enforcement scheme, and present a formal proof of a number of security properties.
Keywords :
authorisation; data privacy; formal specification; trusted computing; formal proof; location authority; policy enforcement scheme; privacy-preserving enforcement; protocols; role authority; role-based access control; security properties; sensitive location information; service provider; spatially aware RBAC; token verification; trustworthy server; Access control; Encryption; Privacy; Protocols; Servers; RBAC; access control; applied cryptography; privacy; security
fLanguage :
English
Journal_Title :
Dependable and Secure Computing, IEEE Transactions on
Publisher :
ieee
ISSN :
1545-5971
Type :
jour
DOI :
10.1109/TDSC.2011.62
Filename :
6104066
Link To Document :