Cryptographic Enforcement of Role-Based Access Control

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6561)

Abstract

Many cryptographic schemes have been designed to enforce information flow policies. However, enterprise security requirements are often better encoded, or can only be encoded, using role-based access control policies rather than information flow policies. In this paper, we provide an alternative formulation of role-based access control that enables us to apply existing cryptographic schemes to core and hierarchical role-based access control policies. We then show that special cases of our cryptographic enforcement schemes for role-based access control are equivalent to cryptographic enforcement schemes for temporal access control and to ciphertext-policy and key-policy attribute-based encryption schemes. Finally, we describe how these special cases can be extended to support richer forms of temporal access control and attribute-based encryption.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Crampton, J. (2011). Cryptographic Enforcement of Role-Based Access Control. In: Degano, P., Etalle, S., Guttman, J. (eds) Formal Aspects of Security and Trust. FAST 2010. Lecture Notes in Computer Science, vol 6561. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19751-2_13

  • DOI: https://doi.org/10.1007/978-3-642-19751-2_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19750-5

  • Online ISBN: 978-3-642-19751-2

  • eBook Packages: Computer Science, Computer Science (R0)
