Universally Composable Cryptographic Role-Based Access Control

Liu, Bin; Warinschi, Bogdan

doi:10.1007/978-3-319-47422-9_4

Cited by 2 publications

(3 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We recommend the following well-documented examples for using during the studying the UC approach in classwork and homework: universally composable symmetric encryption [26], universally composable undeniable signatures [27], universally composable key management [28], universally composable role-based access control [29]. How to work with such examples?…”

Section: Embedding Universal Composability Frameworkmentioning

confidence: 99%

Studying Formal Security Proofs for Cryptographic Protocols

Kogos

Zapechnikov

2017

Information Security Education for a Global Digital Society

View full text Add to dashboard Cite

This paper discusses the problem of teaching provable security in cryptography when studying information security. The concept of provable security is one of the most important in modern cryptography, soit is necessary to integrate it into the syllabus on cryptographic protocols. Now provable security is not rare thing in basic cryptography courses. However, security proofs for cryptographic protocols are far more complicated than for primitives. We suggest the way of embedding Sequence of Games technique, Universally Composability framework, module design of protocols and other techniques into the cryptography protocols course. Our experience of teaching formal security proofs for cryptographic protocols brings quite positive effect for students' research and development.

show abstract

Section: Embedding Universal Composability Frameworkmentioning

confidence: 99%

Studying Formal Security Proofs for Cryptographic Protocols

Kogos

Zapechnikov

2017

Information Security Education for a Global Digital Society

View full text Add to dashboard Cite

show abstract

“…NEW SECURITY DEFINITIONS. The results presented in [10] show a gap between gamebased and simulation-based security definitions for cRBAC systems, which raises the following question: Do the existing security definitions appropriately capture the secure enforcement of access control policies?…”

Section: Introductionmentioning

confidence: 99%

“…al. studied security of cRBAC systems in the UC framework [10]. They proposed a UC security definition for such systems and showed that this type of security presents an impossibility result due to the commitment problem.…”

Section: Introductionmentioning

confidence: 99%

Cryptographic Role-Based Access Control, Reconsidered

Liu¹,

Michalas²,

Warinschi³

2022

Provable and Practical Security

Self Cite

View full text Add to dashboard Cite

A significant shortcoming of traditional access control mechanisms is their heavy reliance on reference monitors. Being single points of failure, monitors need to run in protected mode and have permanent online presence in order to handle all access requests. Cryptographic access control offers an alternative solution that provides better scalability and deployability. It relies on security guarantees of the underlying cryptographic primitives and the appropriate key distribution/management in the system. In order to rigorously study security guarantees that a cryptographic access control system can achieve, providing formal security definitions for the system is of great importance, since the security guarantee of the underlying cryptographic primitives cannot be directly translated into those of the system. In this paper, we follow the line of the existing studies on the cryptographic enforcement of Role-Based Access Control (RBAC). Inspired by the study focusing on the relation between the existing security definitions for such systems, we identify two types of attacks not described in the existing works. Therefore, we propose two new security definitions with the goal of appropriately modeling cryptographic enforcement of Role-Based Access Control policies and studying the relation between our new definitions and the existing ones. In addition, we show that the cost of supporting dynamic policy updates is inherently expensive by presenting two lower bounds for such systems that guarantee correctness and secure access.

show abstract

Universally Composable Cryptographic Role-Based Access Control

Cited by 2 publications

References 23 publications

Studying Formal Security Proofs for Cryptographic Protocols

Studying Formal Security Proofs for Cryptographic Protocols

Cryptographic Role-Based Access Control, Reconsidered

Contact Info

Product

Resources

About