Privacy Enhanced Access Control by Means of Policy Blinding


Sedghi, Saeed and Hartel, Pieter and Jonker, Willem and Nikova, Svetla (2011) Privacy Enhanced Access Control by Means of Policy Blinding. In: 7th International Conference on Information Security Practice and Experience, ISPEC 2011, May 30 - June 1, 2011, Guangzhou, China (pp. pp. 108-122).

[img] PDF
Restricted to UT campus only
: Request a copy
Abstract:Traditional techniques of enforcing an access control policy
rely on an honest reference monitor to enforce the policy. However, for
applications where the resources are sensitive, the access control policy
might also be sensitive. As a result, an honest-but-curious reference monitor would glean some interesting information from the requests that it
processes. For example if a requestor in a role psychiatrist is granted access to a document, the patient associated with that document probably
has a psychiatric problem. The patient would consider this sensitive in-
formation, and she might prefer the honest-but-curious reference monitor
to remain oblivious of her mental problem.
We present a high level framework for querying and enforcing a role
based access control policy that identifies where sensitive information
might be disclosed. We then propose a construction which enforces a
role based access control policy cryptographically, in such a way that the
reference monitor learns as little as possible about the policy. (The reference monitor only learns something from repeated queries). We prove
the security of our scheme showing that it works in theory, but that it
has a practical drawback. However, the practical drawback is common
to all cryptographically enforced access policy schemes. We identify several approaches to mitigate the drawback and conclude by arguing that
there is an underlying fundamental problem that cannot be solved. We
also show why attribute based encryption techniques do not not solve the
problem of enforcing policy by an honest but curious reference monitor.
Item Type:Conference or Workshop Item
Copyright:© 2011 Springer
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item:
Official URL:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page