Ctyptographically enforced distributed data access control

Ibraimi, Luan

doi:10.3990/1.9789036532280

Cited by 6 publications

(2 citation statements)

References 97 publications

(177 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, this solution requires a high degree of participation by the cloud provider or third party, and the work does not address the high cost of such operations as deleting users (which can incur cascading updates). Ibraimi's thesis [41] proposes methods for outsourcing data storage using asymmetric encryption. However, the proposed method for supporting revocation requires a trusted mediator and keyshare escrow to verify all reads against a revocation list (and does not address revoked users reusing cached keyshares).…”

Section: Cryptographic Access Controlsmentioning

confidence: 99%

On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud

Garrison

Shull

Myers

et al. 2016

2016 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

The ability to enforce robust and dynamic access controls on cloud-hosted data while simultaneously ensuring confidentiality with respect to the cloud itself is a clear goal for many users and organizations. To this end, there has been much cryptographic research proposing the use of (hierarchical) identity-based encryption, attribute-based encryption, predicate encryption, functional encryption, and related technologies to perform robust and private access control on untrusted cloud providers. However, the vast majority of this work studies static models in which the access control policies being enforced do not change over time. This is contrary to the needs of most practical applications, which leverage dynamic data and/or policies.In this paper, we show that the cryptographic enforcement of dynamic access controls on untrusted platforms incurs computational costs that are likely prohibitive in practice. Specifically, we develop lightweight constructions for enforcing role-based access controls (i.e., RBAC0) over cloud-hosted files using identitybased and traditional public-key cryptography. This is done under a threat model as close as possible to the one assumed in the cryptographic literature. We prove the correctness of these constructions, and leverage real-world RBAC datasets and recent techniques developed by the access control community to experimentally analyze, via simulation, their associated computational costs. This analysis shows that supporting revocation, file updates, and other state change functionality is likely to incur prohibitive overheads in even minimally-dynamic, realistic scenarios. We identify a number of bottlenecks in such systems, and fruitful areas for future work that will lead to more natural and efficient constructions for the cryptographic enforcement of dynamic access controls. Our findings naturally extend to the use of more expressive cryptographic primitives (e.g., HIBE or ABE) and richer access control models (e.g., RBAC1 or ABAC).• Registration. Each user, u, of the system must carry out an initial registration process with the administrator. The result SU

show abstract

Section: Cryptographic Access Controlsmentioning

confidence: 99%

On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud

Garrison

Shull

Myers

et al. 2016

2016 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…However, they are often neglected in the existing research on cryptographic access control. There have been some initial works in this area that focus on new primitives motivated by access control systems [7,2,13] and on access control systems based on said primitives [9,12,14,6].…”

Section: Introductionmentioning

confidence: 99%

Cryptographic Role-Based Access Control, Reconsidered

Liu¹,

Michalas²,

Warinschi³

2022

Provable and Practical Security

View full text Add to dashboard Cite

A significant shortcoming of traditional access control mechanisms is their heavy reliance on reference monitors. Being single points of failure, monitors need to run in protected mode and have permanent online presence in order to handle all access requests. Cryptographic access control offers an alternative solution that provides better scalability and deployability. It relies on security guarantees of the underlying cryptographic primitives and the appropriate key distribution/management in the system. In order to rigorously study security guarantees that a cryptographic access control system can achieve, providing formal security definitions for the system is of great importance, since the security guarantee of the underlying cryptographic primitives cannot be directly translated into those of the system. In this paper, we follow the line of the existing studies on the cryptographic enforcement of Role-Based Access Control (RBAC). Inspired by the study focusing on the relation between the existing security definitions for such systems, we identify two types of attacks not described in the existing works. Therefore, we propose two new security definitions with the goal of appropriately modeling cryptographic enforcement of Role-Based Access Control policies and studying the relation between our new definitions and the existing ones. In addition, we show that the cost of supporting dynamic policy updates is inherently expensive by presenting two lower bounds for such systems that guarantee correctness and secure access.

show abstract

Fast and reliable online learning to rank for information retrieval

Hofmann

2013

SIGIR Forum

View full text Add to dashboard Cite

The amount of digital data we produce every day far surpasses our ability to process this data, and finding useful information in this constant flow of data has become one of the major challenges of the 21st century. Search engines are one way of accessing large data collections. Their algorithms have evolved far beyond simply matching search queries to sets of documents. Todays most sophisticated search engines combine hundreds of relevance signals to provide the best possible results for each searcher.Current approaches for tuning the parameters of search engines can be highly effective. However, they typically require considerable expertise and manual effort. They rely on supervised learning to rank, meaning that they learn from manually annotated examples of relevant documents for given queries. Obtaining large quantities of sufficiently accurate manual annotations is becoming increasingly difficult, especially for personalized search, access to sensitive data, or search in settings that change over time.In this thesis, I develop new online learning to rank techniques, based on insights from reinforcement learning. In contrast to supervised approaches, these methods allow search engines to learn directly from users interactions. User interactions can typically be observed easily and cheaply, and reflect the preferences of real users. Interpreting user interactions and learning from them is challenging, because they can be biased and noisy. The contributions of this thesis include a novel interleaved comparison method, called probabilistic interleave, that allows unbiased comparisons of search engine result rankings, and methods for learning quickly and effectively from the resulting relative feedback.The obtained analytical and experimental results show how search engines can effectively learn from user interactions. In the future, these and similar techniques can open up new ways for gaining useful information from ever larger amounts of data.The thesis is available online at http://katja-hofmann.de and http://dare.uva.nl/record/ 446342. Software written for this thesis, including reference implementations of the developed interleaving and online learning methods, is available at

show abstract

Ctyptographically enforced distributed data access control

Cited by 6 publications

References 97 publications

On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud

On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud

Cryptographic Role-Based Access Control, Reconsidered

Fast and reliable online learning to rank for information retrieval

Contact Info

Product

Resources

About