poster

Poster: APETEEt -- Secure Enforcement of ABAC Policies using Trusted Execution Environment

Published: 24 May 2023

Abstract

We introduce a novel framework for efficient enforcement of Attribute-Based Access Control (ABAC) policies using a trusted execution environment. An ABAC policy is represented as a height-balanced tree that is constructed and deployed in the trusted enclave. Both the policy and its enforcement are thus protected against intentional or accidental changes. The modular design of our framework enables any application to use its APIs for building secure ABAC systems. Our initial experiments show promising results.

Supplemental Material

MP4 File
This is a short presentation video that describes APETEEt, a secure policy enforcement framework for attribute-based access control policies using trusted execution environments.

    Published In

    SACMAT '23: Proceedings of the 28th ACM Symposium on Access Control Models and Technologies
    May 2023
    218 pages
    ISBN:9798400701733
    DOI:10.1145/3589608
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. abac
    2. secure policy enforcement
    3. trusted execution environment

    Qualifiers

    • Poster

    Data Availability

    This is a short presentation video that describes APETEEt, a secure policy enforcement framework for attribute-based access control policies using trusted execution environments. https://dl.acm.org/doi/10.1145/3589608.3595079#sacmat74pa.mp4

    Conference

    SACMAT '23
    Acceptance Rates

    Overall Acceptance Rate 177 of 597 submissions, 30%

    Bibliometrics

    Article Metrics

    • Total Citations: 0
    • Total Downloads: 112
    • Downloads (Last 12 months): 36
    • Downloads (Last 6 weeks): 4
    Reflects downloads up to 20 Jan 2025
