Protecting Sensitive Attributes in Attribute Based Access Control

  • Guoping Zhang
  • Jing Liu
  • Jianbo Liu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7759)


Attribute Based Access Control (ABAC) has gradually become a hot research topic in distributed systems. However, frequent disclosure of subject attributes, resource attributes or environment attributes may lead to leaks of sensitive information. This article mainly focuses on protecting the privacy of the resource requester in the ABAC process, and presents a trust-based sensitive attribute protection mechanism which discloses attributes by comparing the resource requester's attribute sensitivity with the resource provider's trust level. From an experimental comparison with the Beth model, we conclude that this mechanism has higher accuracy, without violating the resource requester's privacy.


Keywords: Attributes Sensitivity; Trust Level; Privacy Protection; Malicious Recommendation


  1. Eric, Y., Jin, T.: Attributed Based Access Control (ABAC) for Web Services. In: Proceedings of the IEEE International Conference on Web Services (ICWS 2005), pp. 560–569 (2005)
  2. Beth, T., Borcherding, M., Klein, B.: Valuation of Trust in Open Networks. LNCS, vol. 875, pp. 1–18 (1994)
  3. Seamons, K.E., Winslett, M., Yu, T., Yu, L., Jarvis, R.: Protecting Privacy during On-Line Trust Negotiation. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 129–143. Springer, Heidelberg (2003)
  4. Holt, J.E., Bradshaw, R.W., Seamons, K.E., Orman, H.: Hidden credentials. In: Proceedings of the ACM Workshop on Privacy in the Electronic Society, pp. 1–8 (2003)
  5. Bradshaw, R., Holt, J., Seamons, K.E.: Concealing complex policies with hidden credentials. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 146–157 (2004)
  6. Li, N.H., Du, W.L., Boneh, D.: Oblivious signature-based envelope. In: Proceedings of the 22nd ACM Symposium on Principles of Distributed Computing (PODC 2003), pp. 182–189 (2003)
  7. Li, J., Li, N.: OACerts: Oblivious Attribute Certificates. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 301–317. Springer, Heidelberg (2005)
  8. Winsborough, W.H., Li, N.H.: Protecting sensitive attributes in automated trust negotiation. In: Proceedings of the ACM Workshop on Privacy in the Electronic Society, pp. 41–51 (2002)
  9. Irwin, K., Yu, T.: Preventing Attribute Information Leakage in Automated Trust Negotiation. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 41–51 (2005)
  10. Sang, A.: A Subjective Metric of Authentication. In: Proceedings of European Symposium on Research in Security, pp. 329–344 (1998)
  11. Yu, T., Winslett, M.: Policy migration for sensitive credentials in trust negotiation. In: Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society (WPES 2003), pp. 9–20 (2003)
  12. Gevers, S., De Decker, B.: Privacy Friendly Information Disclosure. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 636–646. Springer, Heidelberg (2006)
  13. Esmaeeli, A., Shahriari, H.R.: Privacy Protection of Grid Service Requesters through Distributed Attribute Based Access Control Model. In: Bellavista, P., Chang, R.-S., Chao, H.-C., Lin, S.-F., Sloot, P.M.A. (eds.) GPC 2010. LNCS, vol. 6104, pp. 573–582. Springer, Heidelberg (2010)
  14. Kolter, J., Schillinger, R., Pernul, G.: A Privacy-Enhanced Attribute-Based Access Control System. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol. 4602, pp. 129–143. Springer, Heidelberg (2007)
  15. EI-Khatib, K.: A Privacy Negotiation Protocol for Web Services. In: Workshop on Collaboration Agents: Autonomous Agents for Collaborative Environments, Halifax (October 13, 2003)
  16. Guajardo, J., Mennink, B., Schoenmakers, B.: Anonymous Credential Schemes with Encrypted Attributes. In: Heng, S.-H., Wright, R.N., Goi, B.-M. (eds.) CANS 2010. LNCS, vol. 6467, pp. 314–333. Springer, Heidelberg (2010)

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Guoping Zhang (1)
  • Jing Liu (1)
  • Jianbo Liu (1)

  1. School of Computer & Communication Engineering, China University of Petroleum, Qing Dao, China
