Paper 2022/1268

Cryptographic Role-Based Access Control, Reconsidered

Bin Liu, Tampere University
Antonis Michalas, Tampere University, RISE Research Institutes of Sweden
Bogdan Warinschi, University of Bristol, DFINITY

A significant shortcoming of traditional access control mechanisms is their heavy reliance on reference monitors. Being single points of failure, monitors need to run in protected mode and have permanent online presence in order to handle all access requests. Cryptographic access control offers an alternative solution that provides better scalability and deployability. It relies on security guarantees of the underlying cryptographic primitives and the appropriate key distribution/management in the system. In order to rigorously study security guarantees that a cryptographic access control system can achieve, providing formal security definitions for the system is of great importance, since the security guarantee of the underlying cryptographic primitives cannot be directly translated into those of the system. In this paper, we follow the line of the existing studies on the cryptographic enforcement of Role-Based Access Control (RBAC). Inspired by the study focusing on the relation between the existing security definitions for such systems, we identify two types of attacks not described in the existing works. Therefore, we propose two new security definitions with the goal of appropriately modeling cryptographic enforcement of Role-Based Access Control policies and studying the relation between our new definitions and the existing ones. In addition, we show that the cost of supporting dynamic policy updates is inherently expensive by presenting two lower bounds for such systems that guarantee correctness and secure access.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. ProvSec2022
Cryptographic Access Control
Contact author(s)
bin liu @ tuni fi
antonios michalas @ tuni fi
csxbw @ bristol ac uk
2022-10-06: last of 2 revisions
2022-09-24: received
See all versions
Short URL
Creative Commons Attribution


      author = {Bin Liu and Antonis Michalas and Bogdan Warinschi},
      title = {Cryptographic Role-Based Access Control, Reconsidered},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1268},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.