Privacy-preserving detection of statically mutually exclusive roles constraints violation in interoperable role-based access control

Meng Liu, Xuyun Zhang, Chi Yang, Shaoning Pang, Deepak Puthal, Kaijun Ren

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contribution

3 Citations (Scopus)

Abstract

Secure interoperation is an important technology to protect shared data in multi-domain environments. IRBAC (Interoperable Role-based Access Control) 2000 model has been proposed to achieve security interoperation between two or more RBAC administrative domains. Static Separation of Duties (SSoD) is an important security policy in RBAC, but it has not been enforced in the IRBAC 2000 model. As a result, some previous works have studied the problem of SMER (Statically Mutually Exclusive Roles) constraints violation between two RBAC domains in the IRBAC 2000 model. However all of them do not enforce how to preserve privacy of RBAC policies, such as roles, roles hierarchies and user-role assignment while detecting SMER constraints violation, if the two interoperable domains do not want to disclose them each other and to others. In order to enforce privacy-preserving detection of SMER constraints violation, we first introduce a solution without privacy-preserving mechanism using matrix product. Then a privacy-preserving solution is proposed to securely detect SMER constraints violation without disclosing any RBAC policy based on a secure three-party protocol to matrix product computation. By efficiency analysis and experimental results comparison, the secure three-party computation protocol to matrix product based on the Paillier cryptosystem is more efficient and practical.

Original languageEnglish
Title of host publicationProceedings, 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017
Place of PublicationLos Alamitos, CA
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages502-509
Number of pages8
ISBN (Electronic)9781509049059
DOIs
Publication statusPublished - 2017
Externally publishedYes
Event16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 - Sydney, Australia
Duration: 1 Aug 20174 Aug 2017

Publication series

NameIEEE Trustcom BigDataSE ISPA
PublisherIEEE
ISSN (Print)2324-9013

Conference

Conference16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017
CountryAustralia
CitySydney
Period1/08/174/08/17

Keywords

  • Homomorphic cryptosystem
  • Matrix product
  • Privacy-preserving
  • Secure multi-party computation
  • Statically mutually exclusive roles

Fingerprint Dive into the research topics of 'Privacy-preserving detection of statically mutually exclusive roles constraints violation in interoperable role-based access control'. Together they form a unique fingerprint.

  • Cite this

    Liu, M., Zhang, X., Yang, C., Pang, S., Puthal, D., & Ren, K. (2017). Privacy-preserving detection of statically mutually exclusive roles constraints violation in interoperable role-based access control. In Proceedings, 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 (pp. 502-509). (IEEE Trustcom BigDataSE ISPA). Los Alamitos, CA: Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.277