Cryptographic Role-Based Access Control, Reconsidered

Bin Liu; Antonis Michalas; Bogdan Warinschi

doi:10.1007/978-3-031-20917-8_19

Cryptographic Role-Based Access Control, Reconsidered

Bin Liu, Antonis Michalas, Bogdan Warinschi

Tietotekniikka

Tutkimustuotos: Konferenssiartikkeli › Tieteellinen › vertaisarvioitu

1 Sitaatiot (Scopus)

14 Lataukset (Pure)

Abstrakti

In this paper, we follow the line of existing study on cryptographic enforcement of Role-Based Access Control (RBAC). Inspired by the study of the relation between the existing security definitions for such system, we identify two different types of attacks which cannot be captured by the existing ones. Therefore, we propose two new security definitions towards the goal of appropriately modelling cryptographic enforcement of Role-Based Access Control policies and study the relation between our new definitions and the existing ones. In addition, we show that the cost of supporting dynamic policy update is inherently expensive by presenting two lower bounds for such systems which guarantee correctness and secure access.

Alkuperäiskieli	Englanti
Otsikko	Provable and Practical Security - 16th International Conference, ProvSec 2022, Proceedings
Toimittajat	Chunpeng Ge, Fuchun Guo
Kustantaja	Springer
Sivut	282-289
Sivumäärä	8
ISBN (painettu)	9783031209161
DOI - pysyväislinkit	https://doi.org/10.1007/978-3-031-20917-8_19
Tila	Julkaistu - 2022
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisussa
Tapahtuma	International Conference on Provable Security - Nanjing, Kiina Kesto: 11 marrask. 2022 → 12 marrask. 2022

Julkaisusarja

Nimi	Lecture Notes in Computer Science
Vuosikerta	13600 LNCS
ISSN (painettu)	0302-9743
ISSN (elektroninen)	1611-3349

Conference

Conference	International Conference on Provable Security
Maa/Alue	Kiina
Kaupunki	Nanjing
Ajanjakso	11/11/22 → 12/11/22

Julkaisufoorumi-taso

Jufo-taso 1

!!ASJC Scopus subject areas

Theoretical Computer Science
Yleinen tietojenkäsittelytiede

Pääsy asiakirjaan

10.1007/978-3-031-20917-8_19

cRBACr
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Accepted author manuscript, 413 KB

https://urn.fi/URN:NBN:fi:tuni-202302102252

Siteeraa tätä

@inproceedings{9d554eb6874f406ba9356155776e49dd,

title = "Cryptographic Role-Based Access Control, Reconsidered",

abstract = "In this paper, we follow the line of existing study on cryptographic enforcement of Role-Based Access Control (RBAC). Inspired by the study of the relation between the existing security definitions for such system, we identify two different types of attacks which cannot be captured by the existing ones. Therefore, we propose two new security definitions towards the goal of appropriately modelling cryptographic enforcement of Role-Based Access Control policies and study the relation between our new definitions and the existing ones. In addition, we show that the cost of supporting dynamic policy update is inherently expensive by presenting two lower bounds for such systems which guarantee correctness and secure access.",

author = "Bin Liu and Antonis Michalas and Bogdan Warinschi",

note = "Funding Information: This work was partially funded by the HARPOCRATES project, Horizon Europe and the Technology Innovation Institute (TII), Abu Dhabi, United Arab Emirates, for the project ARROWSMITH: Living (Securely) on the edge. Due to the page limit, we leave out the preliminaries, some details of the results and the proofs of the theorems. A full version of this paper can be found on https://eprint. iacr.org/2022/1268.pdf. Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; International Conference on Provable Security ; Conference date: 11-11-2022 Through 12-11-2022",

year = "2022",

doi = "10.1007/978-3-031-20917-8_19",

language = "English",

isbn = "9783031209161",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "282--289",

editor = "Chunpeng Ge and Fuchun Guo",

booktitle = "Provable and Practical Security - 16th International Conference, ProvSec 2022, Proceedings",

}

Liu, B , Michalas, A & Warinschi, B 2022, Cryptographic Role-Based Access Control, Reconsidered. julkaisussa C Ge & F Guo (toim), Provable and Practical Security - 16th International Conference, ProvSec 2022, Proceedings. Lecture Notes in Computer Science, Vuosikerta 13600 LNCS, Springer, Sivut 282-289, International Conference on Provable Security, Nanjing, Kiina, 11/11/22. https://doi.org/10.1007/978-3-031-20917-8_19

Cryptographic Role-Based Access Control, Reconsidered. / Liu, Bin ; Michalas, Antonis; Warinschi, Bogdan.
Provable and Practical Security - 16th International Conference, ProvSec 2022, Proceedings. toim. / Chunpeng Ge; Fuchun Guo. Springer, 2022. s. 282-289 (Lecture Notes in Computer Science; Vuosikerta 13600 LNCS).

Tutkimustuotos: Konferenssiartikkeli › Tieteellinen › vertaisarvioitu

TY - GEN

T1 - Cryptographic Role-Based Access Control, Reconsidered

AU - Liu, Bin

AU - Michalas, Antonis

AU - Warinschi, Bogdan

N1 - Funding Information: This work was partially funded by the HARPOCRATES project, Horizon Europe and the Technology Innovation Institute (TII), Abu Dhabi, United Arab Emirates, for the project ARROWSMITH: Living (Securely) on the edge. Due to the page limit, we leave out the preliminaries, some details of the results and the proofs of the theorems. A full version of this paper can be found on https://eprint. iacr.org/2022/1268.pdf. Publisher Copyright: © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

PY - 2022

Y1 - 2022

N2 - In this paper, we follow the line of existing study on cryptographic enforcement of Role-Based Access Control (RBAC). Inspired by the study of the relation between the existing security definitions for such system, we identify two different types of attacks which cannot be captured by the existing ones. Therefore, we propose two new security definitions towards the goal of appropriately modelling cryptographic enforcement of Role-Based Access Control policies and study the relation between our new definitions and the existing ones. In addition, we show that the cost of supporting dynamic policy update is inherently expensive by presenting two lower bounds for such systems which guarantee correctness and secure access.

AB - In this paper, we follow the line of existing study on cryptographic enforcement of Role-Based Access Control (RBAC). Inspired by the study of the relation between the existing security definitions for such system, we identify two different types of attacks which cannot be captured by the existing ones. Therefore, we propose two new security definitions towards the goal of appropriately modelling cryptographic enforcement of Role-Based Access Control policies and study the relation between our new definitions and the existing ones. In addition, we show that the cost of supporting dynamic policy update is inherently expensive by presenting two lower bounds for such systems which guarantee correctness and secure access.

U2 - 10.1007/978-3-031-20917-8_19

DO - 10.1007/978-3-031-20917-8_19

M3 - Conference contribution

AN - SCOPUS:85142696280

SN - 9783031209161

T3 - Lecture Notes in Computer Science

SP - 282

EP - 289

BT - Provable and Practical Security - 16th International Conference, ProvSec 2022, Proceedings

A2 - Ge, Chunpeng

A2 - Guo, Fuchun

PB - Springer

T2 - International Conference on Provable Security

Y2 - 11 November 2022 through 12 November 2022

ER -

Cryptographic Role-Based Access Control, Reconsidered

Abstrakti

Julkaisusarja

Conference

Julkaisufoorumi-taso

!!ASJC Scopus subject areas

Pääsy asiakirjaan

Sormenjälki

Siteeraa tätä