Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisions

M. Harbach, S. Fahl, Michael Brenner, T. Muders, Matthew Smith
Citations: 13

Abstract

The growing adoption of cloud technology in sensitive application domains, such as medicine, gives rise to new problems in maintaining the privacy of the involved parties during authorisation. In such domains, an honest but curious service provider can derive sensitive information purely from the authorisation process. In this paper, we present a detailed discussion of this rising problem including a concrete example and argue the need for the combination of hidden credentials, hidden policies and hidden decisions. We then show that mechanisms explored in previous work only cover individual aspects of this problem, but do not achieve a comprehensive solution without making restrictive assumptions on the resources, policies or subjects to be protected. As a first step towards solving this problem, we introduce an abstract foundation for using homomorphic cryptography to provide the required combination of privacy as a wrapper for other access control (AC) mechanisms. We achieve hidden policies, hidden credentials and even hidden access control decisions, so that the subject of an AC request only learns whether or not access was granted. Meanwhile, the provider of a resource learns nothing at the policy decision point and only access frequencies for individual resources at the policy enforcement point. We postulate that this is the maximum achievable level of protection in the authorisation process, without making restrictive assumptions on the resources, policies or subjects to be protected. Once homomorphic cryptography achieves satisfactory performance, our model can be used to transparently add this protection to other access control models.