TY - GEN
T1 - Privacy-preserving detection of statically mutually exclusive roles constraints violation in interoperable role-based access control
AU - Liu, Meng
AU - Zhang, Xuyun
AU - Yang, Chi
AU - Pang, Shaoning
AU - Puthal, Deepak
AU - Ren, Kaijun
PY - 2017
Y1 - 2017
N2 - Secure interoperation is an important technology to protect shared data in multi-domain environments. The IRBAC (Interoperable Role-based Access Control) 2000 model has been proposed to achieve security interoperation between two or more RBAC administrative domains. Static Separation of Duties (SSoD) is an important security policy in RBAC, but it has not been enforced in the IRBAC 2000 model. As a result, some previous works have studied the problem of SMER (Statically Mutually Exclusive Roles) constraints violation between two RBAC domains in the IRBAC 2000 model. However, none of them addresses how to preserve the privacy of RBAC policies, such as roles, role hierarchies and user-role assignments, while detecting SMER constraints violation, if the two interoperable domains do not want to disclose them to each other or to others. In order to enforce privacy-preserving detection of SMER constraints violation, we first introduce a solution without a privacy-preserving mechanism using matrix product. Then a privacy-preserving solution is proposed to securely detect SMER constraints violation without disclosing any RBAC policy, based on a secure three-party protocol for matrix product computation. By efficiency analysis and comparison of experimental results, the secure three-party computation protocol for matrix product based on the Paillier cryptosystem is more efficient and practical.
KW - Homomorphic cryptosystem
KW - Matrix product
KW - Privacy-preserving
KW - Secure multi-party computation
KW - Statically mutually exclusive roles
UR - http://www.scopus.com/inward/record.url?scp=85032369561&partnerID=8YFLogxK
U2 - 10.1109/Trustcom/BigDataSE/ICESS.2017.277
DO - 10.1109/Trustcom/BigDataSE/ICESS.2017.277
M3 - Conference proceeding contribution
AN - SCOPUS:85032369561
T3 - IEEE Trustcom BigDataSE ISPA
SP - 502
EP - 509
BT - Proceedings, 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017
PB - Institute of Electrical and Electronics Engineers (IEEE)
CY - Los Alamitos, CA
T2 - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017
Y2 - 1 August 2017 through 4 August 2017
ER -