Cryptology ePrint Archive: Report 2013/492

Cryptographically Enforced RBAC

Anna Lisa Ferrara and George Fuchsbauer and Bogdan Warinschi

Abstract: Cryptographic access control promises to offer easily distributed trust and broader applicability, while reducing reliance on low-level online monitors. Traditional implementations of cryptographic access control rely on simple cryptographic primitives whereas recent endeavors employ primitives with richer functionality and security guarantees. Worryingly, few of the existing cryptographic access-control schemes come with precise guarantees, the gap between the policy specification and the implementation being analyzed only informally, if at all. In this paper we begin addressing this shortcoming. Unlike prior work that targeted ad-hoc policy specification, we look at the well-established Role-Based Access Control (RBAC) model, as used in a typical file system. In short, we provide a precise syntax for a computational version of RBAC, offer rigorous definitions for cryptographic policy enforcement of a large class of RBAC security policies, and demonstrate that an implementation based on attribute-based encryption meets our security notions. We view our main contribution as being at the conceptual level. Although we work with RBAC for concreteness, our general methodology could guide future research for uses of cryptography in other access-control models.

Original Publication (in the same form): 2013 IEEE 26th Computer Security Foundations Symposium

Date: received 12 Aug 2013

Contact author: anna lisa ferrara at bristol ac uk

Version: 20130815:072312