A Framework for the Cryptographic Enforcement of Information Flow Policies

被引:3
|
作者
Alderman, James [1 ]
Crampton, Jason [1 ]
Farley, Naomi [1 ]
机构
[1] Royal Holloway Univ London, Informat Secur Grp, Egham TW20 0EX, Surrey, England
来源
PROCEEDINGS OF THE 22ND ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES (SACMAT'17) | 2017年
基金
欧盟地平线“2020”; 英国工程与自然科学研究理事会;
关键词
Cryptographic Enforcement Scheme; Information Flow Policy; Access Control; Cryptography; Key Assignment Scheme; Attribute-based Encryption;
D O I
10.1145/3078861.3078868
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
It is increasingly common to outsource data storage to untrusted, third party (e.g. cloud) servers. However, in such settings, low-level online reference monitors may not be appropriate for enforcing read access, and thus cryptographic enforcement schemes (CESs) may be required. Much of the research on cryptographic access control has focused on the use of specific primitives and, primarily, on how to generate appropriate keys and fails to model the access control system as a whole. Recent work in the context of role-based access control has shown a gap between theoretical policy specification and computationally secure implementations of access control policies, potentially leading to insecure implementations. Without a formal model, it is hard to (i) reason about the correctness and security of a CES, and (ii) show that the security properties of a particular cryptographic primitive are sufficient to guarantee security of the CES as a whole. In this paper, we provide a rigorous definitional framework for a CES that enforces read-only information flow policies (which encompass many practical forms of access control, including role-based policies). This framework (i) provides a tool by which instantiations of CESs can be proven correct and secure, (ii) is independent of any particular cryptographic primitives used to instantiate a CES, and (iii) helps to identify the limitations of current primitives (e.g. key assignment schemes) as components of a CES.
引用
收藏
页码:143 / 154
页数:12
相关论文
empty
未找到相关数据