Privacy-aware proof-carrying authorization

  • Authors:
  • Matteo Maffei;Kim Pecina

  • Affiliations:
  • Saarland University;Saarland University

  • Venue:
  • Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
  • Year:
  • 2011

Quantified Score

Hi-index 0.00

Visualization

Abstract

Proof-carrying authorization (PCA) is one of the most popular approaches for the enforcement of access control policies. In a nutshell, the idea is to formalize a policy as a set of logical rules and to let the requester construct a formal proof showing that she has permissions to access the desired resource according to the provider's policy. This policy may depend on logical formulas that are assumed by other principals in the system. The validity of these formulas is witnessed by digital signatures. The usage of digital signatures, however, has a serious drawback, i.e., sensitive data are leaked to the verifier, which severely limits the applicability of PCA. In this paper, we introduce the notion of privacy-aware proof-carrying authorization, an extension of PCA based on a powerful combination of digital signatures and zero-knowledge proofs of knowledge of such signatures. The former are used to witness the validity of logical formulas, the latter to selectively hide sensitive data. Our framework supports a variety of privacy properties, such as data secrecy and user anonymity. We conducted an experimental evaluation to demonstrate the feasibility of our approach.