Abstract
The emerging attribute-based access control (ABAC) mechanism is an expressive, flexible, and manageable authorization technique that is particularly suitable for current distributed, inconstant and complex service-oriented scenarios. Unfortunately, the inevitable disclosure of attributes that carry sensitive information bring significant risks to users’ privacy, which obstructs the further development and popularization of the ABAC severely. In this paper, we propose an effective privacy-preserving ABAC (P-ABAC) scheme to defend against privacy leakage risks of users’ attributes. In the P-ABAC approach, the necessary sensitive attributes are securely handled on the service requester side by using the homomorphic encryption method for privacy protection. And meanwhile, the service provider is still able to make accurate access decisions according to the received attribute ciphertext and pre-set policies with the help of the homomorphic encryption-based secure multi-party computation techniques, while learning no privacy information. The theoretical analysis proves that our model contributes to making an efficient and effective ABAC model with the enhanced privacy-protection feature.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Note that the authenticity and accuracy of the submitted attributes can be guaranteed with the supports of digital signature and terminal-oriented trusted computing techniques, which are orthogonal to our work and out of the scope of this paper.
References
Fernando, N., Loke, S.W., Rahayu, W.: Mobile cloud computing: a survey. Future Gener. Comput. Syst. 29(1), 84–106 (2013)
Mao, Y., You, C., Zhang, J., Huang, K., Letaief, K.B.: A survey on mobile edge computing: the communication perspective. IEEE Commun. Surv. Tutor. 19(4), 2322–2358 (2017)
Zhang, Y., Guo, K., Ren, J., Wang, J., Chen, J.: Transparent computing: a promising network computing paradigm. Comput. Sci. Eng. 19(1), 7–20 (2017)
Lindqvist, H.: Mandatory access control. Master’s thesis, Umea University, Sweden (2006)
Li, N.: Discretionary access control. In: IEEE Symposium on Security & Privacy, vol. 13, pp. 96–109. IEEE (2011)
Sandhu, R.S., Ferraiolo, D., Kuhn, R.: The NIST model for role-based access control: towards a unified standard. In: ACM Workshop on Role-Based Access Control, pp. 47–63. ACM (2000)
Hu, C., Ferraiolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Scarfone, K.: Guide to attribute based access control (ABAC) definition and considerations (draft). NIST Special Publication (2014)
Servos, D., Osborn, S.: Current research and open problems in attribute-based access control. ACM Comput. Surv. 49(4), 65–107 (2017)
Ni, D., Shi, H., Chen, Y., Guo, J.: Attribute based access control (ABAC)-based cross-domain access control in service-oriented architecture (SOA). In: IEEE International Conference on Computer Science & Service System (CSSS 2012), pp. 1405–1408. IEEE (2012)
Xu, Y., Gao, W., Zeng, Q., Wang, G., Ren, J., Zhang, Y.: FABAC: a flexible fuzzy attribute-based access control mechanism. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, K.-K.R. (eds.) SpaCCS 2017. LNCS, vol. 10656, pp. 332–343. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72389-1_27
Xu, Y., Gao, W., Zeng, Q., Wang, G., Ren, J., Zhang, Y.: A feasible fuzzy-extended attribute-based access control technique. Secur. Commun. Netw. 2018, 1–11 (2018)
Jin, X.: Attribute-based access control models and implementation in cloud infrastructure as a service. Doctoral thesis. The University of Texas at San. Antonio, USA (2014)
Qiu, M., Gai, K., Thuraisingham, B., Tao, L., Zhao, H.: Proactive user-centric secure data scheme using attribute-based semantic access controls for mobile clouds in financial industry. Future Gener. Comput. Syst. 80, 421–429 (2018)
Gupta, M., Patwa, F., Sandhu, R.: An Attribute-based access control model for secure big data processing in Hadoop ecosystem. In: ACM Workshop, pp. 13–24. ACM (2018)
Cavoukian, A., Chibba, M., Williamson, G., Ferguson, A.: The importance of ABAC: attribute-based access control to big data: privacy and context. Research report. Ryerson University, Canada (2015)
Sciancalepore, S., et al.: Attribute-based access control scheme in federated IoT platforms. In: Podnar Žarko, I., Broering, A., Soursos, S., Serrano, M. (eds.) InterOSS-IoT 2016. LNCS, vol. 10218, pp. 123–138. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56877-5_8
Monir, S.: A lightweight attribute-based access control system for IoT. Master’s thesis. University of Saskatchewan, Saskatoon (2017)
Axiomatics. https://www.axiomatics.com. Accessed 5 Sept 2018
NextLabs. https://www.nextlabs.com. Accessed 17 June 2018
Irwin, K., Yu, T.: Preventing attribute information leakage in automated trust negotiation. In: 12th ACM Conference on Computer and Communications Security, pp. 36–45. ACM (2005)
Wu, K., Gao, H.: Attribute-based access control for web service with requester’s attribute privacy protected. In: International Conference on Informational Technology and Environmental, pp. 932–936 (2008)
Sang, P., Chung, S.: Privacy-preserving attribute-based access control for grid computing. Int. J. Grid Util. Comput. 5(4), 286–296 (2014)
Zhang, G., Liu, J., Liu, J.: Protecting sensitive attributes in attribute based access control. In: Ghose, A., et al. (eds.) ICSOC 2012. LNCS, vol. 7759, pp. 294–305. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37804-1_30
Esmaeeli, A., Shahriari, H.R.: Privacy protection of grid service requesters through distributed attribute based access control model. In: Bellavista, P., Chang, R.-S., Chao, H.-C., Lin, S.-F., Sloot, P.M.A. (eds.) GPC 2010. LNCS, vol. 6104, pp. 573–582. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13067-0_59
Kolter, J., Schillinger, R., Pernul, G.: A privacy-enhanced attribute-based access control system. In: Barker, S., Ahn, G.-J. (eds.) DBSec 2007. LNCS, vol. 4602, pp. 129–143. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73538-0_11
Put, A., De Decker, B.: Attribute-based privacy-friendly access control with context. In: Obaidat, M.S. (ed.) ICETE 2016. CCIS, vol. 764, pp. 291–315. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-67876-4_14
Yao, A.: Protocols for secure computations. In: 23rd Annual Symposium on Foundations of Computer Science (SFCS 1982), pp. 160–164. IEEE (1982)
Rivest, R., Adleman, L., Dertouzos, M.: On data banks and privacy homomorphisms. Found. Secure Comput. 4(11), 169–180 (1978)
Lin, H.-Y., Tzeng, W.-G.: An efficient solution to the Millionaires’ problem based on homomorphic encryption. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 456–466. Springer, Heidelberg (2005). https://doi.org/10.1007/11496137_31
Acknowledgments
This work was supported by the National Natural Science Foundation of China under Grants 61702561, 61702562, and 61632009, the Hunan Provincial Innovation Foundation for Postgraduate under Grant CX2015B047, and the Guangdong Provincial Natural Science Foundation under Grant 2017A030308006.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Xu, Y., Zeng, Q., Wang, G., Zhang, C., Ren, J., Zhang, Y. (2018). A Privacy-Preserving Attribute-Based Access Control Scheme. In: Wang, G., Chen, J., Yang, L. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2018. Lecture Notes in Computer Science(), vol 11342. Springer, Cham. https://doi.org/10.1007/978-3-030-05345-1_31
Download citation
DOI: https://doi.org/10.1007/978-3-030-05345-1_31
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05344-4
Online ISBN: 978-3-030-05345-1
eBook Packages: Computer ScienceComputer Science (R0)