Identity-Based Encryption from the Weil Pairing
SIAM Journal on Computing
Privacy Engineering for Digital Rights Management Systems
DRM '01 Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management
Practical Techniques for Searches on Encrypted Data
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Concealing complex policies with hidden credentials
Proceedings of the 11th ACM conference on Computer and communications security
Attribute-Based Access Control with Hidden Policies and Hidden Credentials
IEEE Transactions on Computers
Searchable symmetric encryption: improved definitions and efficient constructions
Proceedings of the 13th ACM conference on Computer and communications security
Attribute-based encryption for fine-grained access control of encrypted data
Proceedings of the 13th ACM conference on Computer and communications security
Ciphertext-Policy Attribute-Based Encryption
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Shared and Searchable Encrypted Data for Untrusted Servers
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Delegating Capabilities in Predicate Encryption Systems
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Hidden-Vector Encryption with Groups of Prime Order
Pairing '08 Proceedings of the 2nd international conference on Pairing-Based Cryptography
Predicate Privacy in Encryption Systems
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Multiuser private queries over encrypted databases
International Journal of Applied Cryptography
Conjunctive, subset, and range queries on encrypted data
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Predicate encryption supporting disjunctions, polynomial equations, and inner products
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Attribute-based encryption with partially hidden encryptor-specified access structures
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
OACerts: oblivious attribute certificates
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Privacy preserving keyword searches on remote encrypted data
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Fuzzy identity-based encryption
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Anonymous hierarchical identity-based encryption (without random oracles)
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Public key encryption with conjunctive keyword search and its extension to a multi-user system
Pairing'07 Proceedings of the First international conference on Pairing-Based Cryptography
Hi-index | 0.00 |
Traditional techniques of enforcing an access control policy rely on an honest reference monitor to enforce the policy. However, for applications where the resources are sensitive, the access control policy might also be sensitive. As a result, an honest-but-curious reference monitor would glean some interesting information from the requests that it processes. For example if a requestor in a role psychiatrist is granted access to a document, the patient associated with that document probably has a psychiatric problem. The patient would consider this sensitive information, and she might prefer the honest-but-curious reference monitor to remain oblivious of her mental problem. We present a high level framework for querying and enforcing a role based access control policy that identifies where sensitive information might be disclosed. We then propose a construction which enforces a role based access control policy cryptographically, in such a way that the reference monitor learns as little as possible about the policy. (The reference monitor only learns something from repeated queries). We prove the security of our scheme showing that it works in theory, but that it has a practical drawback. However, the practical drawback is common to all cryptographically enforced access policy schemes. We identify several approaches to mitigate the drawback and conclude by arguing that there is an underlying fundamental problem that cannot be solved. We also show why attribute based encryption techniques do not not solve the problem of enforcing policy by an honest but curious reference monitor.