Abstract
Many cryptographic schemes have been designed to enforce information flow policies. However, enterprise security requirements are often better encoded, or can only be encoded, using role-based access control policies rather than information flow policies. In this paper, we provide an alternative formulation of role-based access control that enables us to apply existing cryptographic schemes to core and hierarchical role-based access control policies. We then show that special cases of our cryptographic enforcement schemes for role-based access control are equivalent to cryptographic enforcement schemes for temporal access control and to ciphertext-policy and key-policy attribute-based encryption schemes. Finally, we describe how these special cases can be extended to support richer forms of temporal access control and attribute-based encryption.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Crampton, J. (2011). Cryptographic Enforcement of Role-Based Access Control. In: Degano, P., Etalle, S., Guttman, J. (eds) Formal Aspects of Security and Trust. FAST 2010. Lecture Notes in Computer Science, vol 6561. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19751-2_13
DOI: https://doi.org/10.1007/978-3-642-19751-2_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19750-5
Online ISBN: 978-3-642-19751-2
eBook Packages: Computer Science (R0)