
Cryptographic Role-Based Access Control, Reconsidered

Conference paper, Provable and Practical Security (ProvSec 2022)

Abstract

In this paper, we follow the existing line of study on the cryptographic enforcement of Role-Based Access Control (RBAC). Inspired by the study of the relation between the existing security definitions for such systems, we identify two different types of attacks that the existing definitions cannot capture. We therefore propose two new security definitions aimed at appropriately modelling the cryptographic enforcement of RBAC policies, and we study the relation between our new definitions and the existing ones. In addition, we show that the cost of supporting dynamic policy update is inherently expensive by presenting two lower bounds for such systems that guarantee correctness and secure access.

This work was partially funded by the HARPOCRATES project, Horizon Europe and the Technology Innovation Institute (TII), Abu Dhabi, United Arab Emirates, for the project ARROWSMITH: Living (Securely) on the edge.

Due to the page limit, we leave out the preliminaries, some details of the results and the proofs of the theorems. A full version of this paper can be found at https://eprint.iacr.org/2022/1268.pdf.



Author information

Corresponding author: Bin Liu

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Liu, B., Michalas, A., Warinschi, B. (2022). Cryptographic Role-Based Access Control, Reconsidered. In: Ge, C., Guo, F. (eds) Provable and Practical Security. ProvSec 2022. Lecture Notes in Computer Science, vol 13600. Springer, Cham. https://doi.org/10.1007/978-3-031-20917-8_19

  • DOI: https://doi.org/10.1007/978-3-031-20917-8_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-20916-1

  • Online ISBN: 978-3-031-20917-8

  • eBook Packages: Computer Science (R0)