Efficient and privacy-preserving enforcement of attribute-based access control

  • Authors:
  • Ning Shang;Federica Paci;Elisa Bertino

  • Affiliations:
  • Microsoft Corporation, Redmond, Washington;University of Trento, Povo, Trento;Purdue University, West Lafayette, Indiana

  • Venue:
  • Proceedings of the 9th Symposium on Identity and Trust on the Internet
  • Year:
  • 2010

Abstract

Modern access control models, developed for protecting data from accesses across the Internet, require verifying the identity of users in order to make sure that users have the required permissions for accessing the data. A user's identity consists of data, referred to as identity attributes, that encode security-relevant properties of the user. Because identity attributes often convey sensitive information about users, they have to be protected. The Oblivious Commitment-Based Envelope (OCBE) protocols address the protection requirements of both users and service providers. The OCBE protocols make it possible for a party, referred to as the sender, to send an encrypted message to a receiver such that the receiver can open the message if and only if its committed value satisfies a predicate, and such that the sender does not learn anything about the receiver's committed value. The possible predicates are comparison predicates =, ≠, ,