An actor-based, application-aware access control evaluation framework

Garrison, William C.; Lee, Adam J.; Hinrichs, Timothy L.

doi:10.1145/2613087.2613099

Cited by 8 publications

(10 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We now describe our evaluation of the suitability of IBE/IBS and PKI constructions for enforcing RBAC 0 access controls. We utilize a workflow similar to that proposed in [28], in which we first evaluate the candidates' expressive power (i.e., ability to represent the desired policy as it evolves), then evaluate the cost of using each candidate using Monte Carlo simulation based on initial states obtained from real-world datasets. addU (u) -Add u to USERS -Generate IBE private key ku ← KeyGen IBE (u) and IBS private key su ← KeyGen IBS (u) for the new user u -Give ku and su to u over private and authenticated channel delU (u) -For every role r that u is a member of:…”

Section: Discussionmentioning

confidence: 99%

“…To evaluate the costs of using our constructions to enforce RBAC 0 , we utilize the simulation framework proposed in [28]. We encode RBAC 0 as a workload, with implementations in IBE/IBS and PKI as described in Sections IV-C and IV-D. Simulations are initialized from start states extracted from real-world RBAC datasets.…”

Section: Methodsmentioning

confidence: 99%

“…We use tools from the access control literature [39] to prove the correctness of our RBAC 0 constructions. To quantify the costs of using these constructions in realistic access control scenarios, we leverage a stochastic modeling and simulation-based approach developed to support access control suitability analysis [28]. Our simulations are driven by realworld RBAC datasets that allow us to explore-in a variety of environments where the RBAC 0 policy and files in the system are subject to dynamic change-the costs associated with using these constructions.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud

Garrison

Shull

Myers

et al. 2016

2016 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

The ability to enforce robust and dynamic access controls on cloud-hosted data while simultaneously ensuring confidentiality with respect to the cloud itself is a clear goal for many users and organizations. To this end, there has been much cryptographic research proposing the use of (hierarchical) identity-based encryption, attribute-based encryption, predicate encryption, functional encryption, and related technologies to perform robust and private access control on untrusted cloud providers. However, the vast majority of this work studies static models in which the access control policies being enforced do not change over time. This is contrary to the needs of most practical applications, which leverage dynamic data and/or policies.In this paper, we show that the cryptographic enforcement of dynamic access controls on untrusted platforms incurs computational costs that are likely prohibitive in practice. Specifically, we develop lightweight constructions for enforcing role-based access controls (i.e., RBAC0) over cloud-hosted files using identitybased and traditional public-key cryptography. This is done under a threat model as close as possible to the one assumed in the cryptographic literature. We prove the correctness of these constructions, and leverage real-world RBAC datasets and recent techniques developed by the access control community to experimentally analyze, via simulation, their associated computational costs. This analysis shows that supporting revocation, file updates, and other state change functionality is likely to incur prohibitive overheads in even minimally-dynamic, realistic scenarios. We identify a number of bottlenecks in such systems, and fruitful areas for future work that will lead to more natural and efficient constructions for the cryptographic enforcement of dynamic access controls. Our findings naturally extend to the use of more expressive cryptographic primitives (e.g., HIBE or ABE) and richer access control models (e.g., RBAC1 or ABAC).• Registration. Each user, u, of the system must carry out an initial registration process with the administrator. The result SU

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud

Garrison

Shull

Myers

et al. 2016

2016 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Prior work has noted that practically evaluating an access control system must take into account the application in which the system is to be used, as well as additional cost metrics (e.g., computation, ease of use). This analysis problem has been identified as a system's suitability to a particular application [15], [16]. Suitability analysis formalizes an application's access control requirements (a workload), and uses expressiveness to prove that an access control system can satisfy those requirements.…”

Section: A Motivating Examplesmentioning

confidence: 99%

“…Further properties enforced above this baseline include using the identity query mapping for authorization requests (to ensure that T 's authorization questions are the queries being used to simulate S's authorization requests), forbidding string manipulations (to prohibit the state mapping from using arbitrary encodings to store information in the contents of strings such as user names), and restricting the command mapping from mapping nonadministrative commands in S to administrative commands in T . This framework has since been used to evaluate the suitability of certain general-purpose access control systems for various unique, application-specific requirements [15], [16].…”

Section: B Prior Workmentioning

confidence: 99%

Decomposing, Comparing, and Synthesizing Access Control Expressiveness Simulations

Garrison

Lee

2015

2015 IEEE 28th Computer Security Foundations Symposium

Self Cite

View full text Add to dashboard Cite

Access control is fundamental to computer security, and has thus been the subject of extensive formal study. In particular, relative expressiveness analysis techniques have used formal mappings called simulations to explore whether one access control system is capable of emulating another, thereby comparing the expressive power of these systems. Unfortunately, the notions of expressiveness simulation that have been explored vary widely, which makes it difficult to compare results in the literature, and even leads to apparent contradictions between results. Furthermore, some notions of expressiveness simulation make use of non-determinism, and thus cannot be used to define mappings between access control systems that are useful in practical scenarios. In this work, we define the minimum set of properties for an implementable access control simulation; i.e., a deterministic "recipe" for using one system in place of another. We then define a wide range of properties spread across several dimensions that can be enforced on top of this minimum definition. These properties define a taxonomy that can be used to separate and compare existing notions of access control simulation, many of which were previously incomparable. We position existing notions of simulation within our properties lattice by formally proving each simulation's equivalence to a corresponding set of properties. Lastly, we take steps towards bridging the gap between theory and practice by exploring the systems implications of points within our properties lattice. This shows that relative expressive analysis is more than just a theoretical tool, and can also guide the choice of the most suitable access control system for a specific application or scenario. arXiv:1504.07948v2 [cs.CR] 1 May 2015 CDM s S).Theorem 30 CDMs= {SCa, QPa, CDi, CS1, R→}; that is, the CDM strong simulation decomposes to authorization correspondence, authorization preservation, independent command mapping, lock-step, and forward reachability. Proof: By Lemma 28, if T sim CDM s S, then S ≤ P T . By Lemma 29, if S ≤ P T , then T sim CDM s S. Thus, S ≤ P T if and only if T sim CDM s S, and thus the CDM strong simulation decomposes to {SCa, QPa, CDi, CS1, R→}.

show abstract

Dynamic Access Control Through Cryptography in Cloud

KS,

et al. 2023

ITM Web Conf.

View full text Add to dashboard Cite

In recent days, enabling encrypted access control to hosted data is attractive to organizations and many users in untrusted cloud. However, an efficient encrypted progressive access control system designing in the cloud remains a challenge. This paper proposes DAC in cryptographic, for effective access control that provides practical encryption in the system. DAC in cryptography removes permission by designate to update the encrypted data in cloud. DAC in cryptography includes file encryption with a well- formed key list that document a file key and a set of lock keys. A dedicated administrator is required to replace a new revocation key by comparing the previous key. Revocation requires a dedicated administrator to upload a new revocation key to encrypt files with the new encryption level and update the encryption key list accordingly in cloud. DAC in cryptography proposes a three-key technique to limit the key list size and later on encryption. As a result, change in access control is enforced using DAC in cryptography. This improves efficiency by not requiring high decryption or re-encryption and to upload or re-upload of large quantity of data by the administrator and assures security by revoking permissions immediately. It demonstrates the construction safety and efficiency using formalization framework and system implementations.

show abstract

An actor-based, application-aware access control evaluation framework

Cited by 8 publications

References 35 publications

On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud

On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud

Decomposing, Comparing, and Synthesizing Access Control Expressiveness Simulations

Dynamic Access Control Through Cryptography in Cloud

Contact Info

Product

Resources

About