In this dissertation, we present the design, technical and implementation details of our proposed policy-based access control mechanisms for untrusted environments. First of all, we provide full confidentiality of access policies in outsourced environments, where service providers do not learn private information about policies during the policy deployment and evaluation phases. Our proposed architecture is such that we are able to support expressive policies and take into account contextual information before making any access decision. The system entities do not share any encryption keys and even if a user is deleted, the system is still able to perform its operations without requiring any action. For complex user management, we have implemented a policy-based Role-Based Access Control (RBAC) mechanism, where users are assigned roles, roles are assigned permissions and users execute permissions if their roles are active in the session maintained by service providers. Finally, we offer the full-fledged RBAC policies by incorporating role hierarchies and dynamic security constraints.
In opportunistic networks, we protect content by specifying expressive access control policies. In our proposed approach, brokers match subscriptions against policies associated with content without compromising privacy of subscribers. As a result, an unauthorised broker neither gains access to content nor learns policies and authorised nodes gain access only if they satisfy fine-grained policies specified by publishers. Our proposed system provides scalable key management in which loosely-coupled publishers and subscribers communicate without any prior contact. Finally, we have developed a prototype of the system that runs on real smartphones and analysed its performance.Category / Keywords: applications / Policy Protection, Sensitive Policy Enforcement, Encrypted RBAC, Secure Opportunistic Networks, Encrypted CPABE Policies Original Publication (in the same form): http://eprints-phd.biblio.unitn.it/1124/ Date: received 22 Dec 2013 Contact author: m r asghar at alumnus tue nl Available format(s): PDF | BibTeX Citation Note: Ph.D. Dissertation Version: 20131229:113432 (All versions of this report) Discussion forum: Show discussion | Start new discussion