Monday 15 July 2013

4 papers reviewed:
Keith Frikken, Mikhail Atallah, and Jiangtao Li. 2006. Attribute-Based Access Control with Hidden Policies and Hidden Credentials. IEEE Trans. Comput. 55, 10 (October 2006), 1259-1270. DOI=10.1109/TC.2006.158 http://dx.doi.org/10.1109/TC.2006.158

Key points:

  • PROBLEM:
    • Hiding the access policy from clients and hiding client attributes from the server.
  • CONTRIBUTION: 
    • Previous works on this topic revealed parts of the ACP to clients. The proposed solution claims to reveal nothing of the ACP.
    • A client and owner engage in a protocol. The client provides the protocol a subset of her credentials and the owner provides to client the hidden ACP and protected data. If attributes in credentials supplied to protocols satisfy the ACP, she gets the revealed data.
    • Uses techniques of homomorphic encryption, oblivious transfer, scrambled circuit evaluation and shuffling.
  • Strengths/Weakness:
    • The client learns little information as possible about the ACP and the owner learns as little information as possible about the client’s credentials.
    • The server does not learn which credentials a client has from the protocols.
    • The scheme is policy indistinguishable in that 2 policies that evaluate to the same value for the client’s credentials have indistinguishable transcripts and hence client learns nothing about the policy other than whether access is granted.
    • Scheme relies heavily on exchange of information which could leak some information potentially.
    • With growing number of attributes, communication complexity increases exponentially.
    • System works only for policies that check for the presence of certain attributes.

Deqing Zou; Zhensong Liao, "A New Approach for Hiding Policy and Checking Policy Consistency," Information Security and Assurance, 2008. ISA 2008. International Conference on , vol., no., pp.237,242, 24-26 April 2008
doi: 10.1109/ISA.2008.39

Key points:

  • PROBLEM:
    • Disclosure of sensitive policies may cause damages
    • Furthermore, some polices tend to be self-contradictory and hence a checking mechanism is required.
    • MAC and RBAC techniques could not work well in terms of resource sharing due to limitations in their design and application.
  • CONTRIBUTION: 
    • A new method to hide access control policy using ATN (Automated Trust Negotiation).
    • A new thought to handle policy consistency.
    • New approach for protecting user’s privacy.
    • Avoiding unwanted negotiation failure and improving negotiation efficiency.
  • Strengths/Weakness:
    • Previous work is shown to be effective but difficult to implement in the real world and hence claims the new solution will be efficient to implement. 
    • Paper uses matrices and is very mathematical.



Xinfeng Ye; Mingyu Gao, "Access Control with Hidden Policies and Credentials for Service Computing," Services Computing (SCC), 2012 IEEE Ninth International Conference on , vol., no., pp.242,249, 24-29 June 2012 doi: 10.1109/SCC.2012.13

Key points:

  • PROBLEM:
    • How to keep credentials and access control policies secret from the service providers.
  • CONTRIBUTION: 
    • Scheme uses cryptographic techniques to hide the policies and credentials needed to access data.
    • Cryptographic keys are used to represent the credentials and policies.
    • The paper devises a cryptosystem that allows keys to be generated according to the policies and the client’s credentials efficiently.
  • Strengths/Weakness:
    • Many previous works do not attempt to hide the policies or credentials and hence the novelty of the work is good.
    • Previous works that focus on policy hiding are computationally intensive and very inefficient.


Marian Harbach, Sascha Fahl, Michael Brenner, Thomas Muders, and Matthew Smith. 2012. Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisions. In Proceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST) (PST '12). IEEE Computer Society, Washington, DC, USA, 17-24. DOI=10.1109/PST.2012.6297915 http://dx.doi.org/10.1109/PST.2012.6297915

Key points:

  • PROBLEM:
    • The need for hidden policies, hidden credentials, and hidden decisions.
    • The central issue with resource sharing in the Cloud is that of trust.
  • CONTRIBUTION: 
    • Argue for the need for hidden policies, credentials and decisions.
    • Present an approach using Homomorphic cryptography Supported Access Control (HSAC) as a first step to achieving the above properties.
    • The paper devises a cryptosystem that allows keys to be generated according to the policies and the client’s credentials efficiently.
  • Strengths/Weakness:
    • Many previous works do not attempt to hide the policies or credentials and hence the novelty of the work is good.
    • Previous works that focus on policy hiding are computationally intensive and very inefficient.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)