基于属性的消息传递:访问控制和机密性

Q Engineering

ACM Transactions on Information and System Security Pub Date : 2010-12-01 DOI:10.1145/1880022.1880025

R. Bobba, Omid Fatemieh, Fariba Khan, A. Khan, Carl A. Gunter, H. Khurana, M. Prabhakaran

{"title":"基于属性的消息传递:访问控制和机密性","authors":"R. Bobba, Omid Fatemieh, Fariba Khan, A. Khan, Carl A. Gunter, H. Khurana, M. Prabhakaran","doi":"10.1145/1880022.1880025","DOIUrl":null,"url":null,"abstract":"Attribute-Based Messaging (ABM) enables messages to be addressed using attributes of recipients rather than an explicit list of recipients. Such messaging offers benefits of efficiency, exclusiveness, and intensionality, but faces challenges in access control and confidentiality. In this article we explore an approach to intraenterprise ABM based on providing access control and confidentiality using information from the same attribute database exploited by the addressing scheme. We show how to address three key challenges. First, we demonstrate a manageable access control system based on attributes. Second, we demonstrate use of attribute-based encryption to provide end-to-end confidentiality. Third, we show that such a system can be efficient enough to support ABM for mid-size enterprises. Our implementation can dispatch confidential ABM messages approved by XACML policy review for an enterprise of at least 60,000 users with only seconds of latency.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":"56 1","pages":"31:1-31:35"},"PeriodicalIF":0.0000,"publicationDate":"2010-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"36","resultStr":"{\"title\":\"Attribute-Based Messaging: Access Control and Confidentiality\",\"authors\":\"R. Bobba, Omid Fatemieh, Fariba Khan, A. Khan, Carl A. Gunter, H. Khurana, M. Prabhakaran\",\"doi\":\"10.1145/1880022.1880025\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Attribute-Based Messaging (ABM) enables messages to be addressed using attributes of recipients rather than an explicit list of recipients. Such messaging offers benefits of efficiency, exclusiveness, and intensionality, but faces challenges in access control and confidentiality. In this article we explore an approach to intraenterprise ABM based on providing access control and confidentiality using information from the same attribute database exploited by the addressing scheme. We show how to address three key challenges. First, we demonstrate a manageable access control system based on attributes. Second, we demonstrate use of attribute-based encryption to provide end-to-end confidentiality. Third, we show that such a system can be efficient enough to support ABM for mid-size enterprises. Our implementation can dispatch confidential ABM messages approved by XACML policy review for an enterprise of at least 60,000 users with only seconds of latency.\",\"PeriodicalId\":50912,\"journal\":{\"name\":\"ACM Transactions on Information and System Security\",\"volume\":\"56 1\",\"pages\":\"31:1-31:35\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"36\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Transactions on Information and System Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1880022.1880025\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q\",\"JCRName\":\"Engineering\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1880022.1880025","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}

引用次数: 36

摘要

基于属性的消息传递(ABM)允许使用收件人的属性而不是显式的收件人列表对消息进行寻址。这种消息传递提供了效率、排他性和密集性的好处，但在访问控制和机密性方面面临挑战。在本文中，我们探索了一种基于提供访问控制和机密性的企业内部ABM方法，该方法使用来自寻址方案所利用的相同属性数据库的信息。我们将展示如何解决三个关键挑战。首先，我们演示了一个基于属性的可管理访问控制系统。其次，我们将演示如何使用基于属性的加密来提供端到端的机密性。第三，我们证明了这样一个系统可以足够有效地支持中型企业的ABM。我们的实现可以为至少有60,000个用户的企业分派经XACML策略审查批准的机密ABM消息，延迟时间只有几秒钟。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Attribute-Based Messaging: Access Control and Confidentiality

Attribute-Based Messaging (ABM) enables messages to be addressed using attributes of recipients rather than an explicit list of recipients. Such messaging offers benefits of efficiency, exclusiveness, and intensionality, but faces challenges in access control and confidentiality. In this article we explore an approach to intraenterprise ABM based on providing access control and confidentiality using information from the same attribute database exploited by the addressing scheme. We show how to address three key challenges. First, we demonstrate a manageable access control system based on attributes. Second, we demonstrate use of attribute-based encryption to provide end-to-end confidentiality. Third, we show that such a system can be efficient enough to support ABM for mid-size enterprises. Our implementation can dispatch confidential ABM messages approved by XACML policy review for an enterprise of at least 60,000 users with only seconds of latency.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

ACM Transactions on Information and System Security 工程技术-计算机：信息系统

CiteScore

4.50

自引率

0.00%

发文量

审稿时长

3.3 months

期刊介绍： ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.