A Privacy-Preserving Attribute-Based Access Control Scheme

  • Yang Xu
  • Quanrun Zeng
  • Guojun Wang
  • Cheng Zhang
  • Ju Ren
  • Yaoxue Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11342)


The emerging attribute-based access control (ABAC) mechanism is an expressive, flexible, and manageable authorization technique that is particularly suitable for current distributed, inconstant and complex service-oriented scenarios. Unfortunately, the inevitable disclosure of attributes that carry sensitive information brings significant risks to users’ privacy, which severely obstructs the further development and popularization of ABAC. In this paper, we propose an effective privacy-preserving ABAC (P-ABAC) scheme to defend against privacy leakage risks of users’ attributes. In the P-ABAC approach, the necessary sensitive attributes are securely handled on the service requester side by using homomorphic encryption for privacy protection. Meanwhile, the service provider is still able to make accurate access decisions according to the received attribute ciphertext and pre-set policies with the help of homomorphic encryption-based secure multi-party computation techniques, while learning no private information. The theoretical analysis proves that our model contributes to making an efficient and effective ABAC model with an enhanced privacy-protection feature.


Attribute-based access control, Privacy, Security, Secure multi-party computation, Homomorphic encryption



This work was supported by the National Natural Science Foundation of China under Grants 61702561, 61702562, and 61632009, the Hunan Provincial Innovation Foundation for Postgraduate under Grant CX2015B047, and the Guangdong Provincial Natural Science Foundation under Grant 2017A030308006.



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Yang Xu (1)
  • Quanrun Zeng (1)
  • Guojun Wang (2)
  • Cheng Zhang (1)
  • Ju Ren (1)
  • Yaoxue Zhang (1)

  1. School of Information Science and Engineering, Central South University, Changsha, China
  2. School of Computer Science and Technology, Guangzhou University, Guangzhou, China
