A Framework for the Cryptographic Enforcement of Information Flow Policies

Cited by: 3
Authors
Alderman, James [1 ]
Crampton, Jason [1 ]
Farley, Naomi [1 ]
Affiliations
[1] Royal Holloway Univ London, Informat Secur Grp, Egham TW20 0EX, Surrey, England
Source
PROCEEDINGS OF THE 22ND ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES (SACMAT'17) | 2017
Funding
European Union Horizon 2020; UK Engineering and Physical Sciences Research Council;
Keywords
Cryptographic Enforcement Scheme; Information Flow Policy; Access Control; Cryptography; Key Assignment Scheme; Attribute-based Encryption;
DOI
10.1145/3078861.3078868
Chinese Library Classification number
TP301 [Theory, Methods];
Subject classification code
081202;
Abstract
It is increasingly common to outsource data storage to untrusted, third party (e.g. cloud) servers. However, in such settings, low-level online reference monitors may not be appropriate for enforcing read access, and thus cryptographic enforcement schemes (CESs) may be required. Much of the research on cryptographic access control has focused on the use of specific primitives and, primarily, on how to generate appropriate keys and fails to model the access control system as a whole. Recent work in the context of role-based access control has shown a gap between theoretical policy specification and computationally secure implementations of access control policies, potentially leading to insecure implementations. Without a formal model, it is hard to (i) reason about the correctness and security of a CES, and (ii) show that the security properties of a particular cryptographic primitive are sufficient to guarantee security of the CES as a whole. In this paper, we provide a rigorous definitional framework for a CES that enforces read-only information flow policies (which encompass many practical forms of access control, including role-based policies). This framework (i) provides a tool by which instantiations of CESs can be proven correct and secure, (ii) is independent of any particular cryptographic primitives used to instantiate a CES, and (iii) helps to identify the limitations of current primitives (e.g. key assignment schemes) as components of a CES.
Pages: 143-154
Number of pages: 12
Related papers
50 in total
  • [1] Optimal Constructions for Chain-Based Cryptographic Enforcement of Information Flow Policies
    Crampton, Jason
    Farley, Naomi
    Gutin, Gregory
    Jones, Mark
    DATA AND APPLICATIONS SECURITY AND PRIVACY XXIX, 2015, 9149 : 330 - 345
  • [2] Semantics and Enforcement of Expressive Information Flow Policies
    Banerjee, Anindya
    FORMAL ASPECTS IN SECURITY AND TRUST, 2010, 5983 : 1 - 3
  • [3] Designing Secure Cryptographic Accelerators with Information Flow Enforcement: A Case Study on AES
    Jiang, Zhenghong
    Jin, Hanchen
    Suh, G. Edward
    Zhang, Zhiru
    PROCEEDINGS OF THE 2019 56TH ACM/EDAC/IEEE DESIGN AUTOMATION CONFERENCE (DAC), 2019,
  • [4] Flow policies: Specification and enforcement
    Bertino, E
    Ferrari, E
    Mella, G
    CONFERENCE PROCEEDINGS OF THE 2004 IEEE INTERNATIONAL PERFORMANCE, COMPUTING, AND COMMUNICATIONS CONFERENCE, 2004, : 681 - 686
  • [5] Cryptographic Enforcement of Language-Based Information Erasure
    Askarov, Aslan
    Moore, Scott
    Dimoulas, Christos
    Chong, Stephen
    2015 IEEE 28TH COMPUTER SECURITY FOUNDATIONS SYMPOSIUM CSF 2015, 2015, : 334 - 348
  • [6] Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment
    Berlato, Stefano
    Carbone, Roberto
    Ranise, Silvio
    SECRYPT 2021: PROCEEDINGS OF THE 18TH INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, 2021, : 370 - 381
  • [7] Cryptographic Enforcement of Access Control Policies: Models, Applications, and Future Directions
    Masucci, Barbara
    PROCEEDINGS OF THE 29TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, SACMAT 2024, 2024, : 3 - 4
  • [9] Verified Enforcement of Stateful Information Release Policies
    Swamy, Nikhil
    Hicks, Michael
    PLAS'08: PROCEEDINGS OF THE ACM SIGPLAN THIRD WORKSHOP ON PROGRAMMING LANGUAGES AND ANALYSIS FOR SECURITY, 2008, : 21 - 31
  • [10] Quantifying information flow in cryptographic systems
    Backes, Michael
    Koepf, Boris
    MATHEMATICAL STRUCTURES IN COMPUTER SCIENCE, 2015, 25 (02) : 457 - 479