Enabling Constraints and Dynamic Preventive Access Control Policy Enforcement in the Cloud

2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI:10.1109/ARES.2015.33

S. Fugkeaw, Hiroyuki Sato

{"title":"Enabling Constraints and Dynamic Preventive Access Control Policy Enforcement in the Cloud","authors":"S. Fugkeaw, Hiroyuki Sato","doi":"10.1109/ARES.2015.33","DOIUrl":null,"url":null,"abstract":"Existing access control solutions applying Cipher text Policy Attribute based Encryption (CP-ABE) scheme usually rely on the static access enforcement based on the access control policy. In real-world scenario, the static pattern of access control policy may not be sufficient to effectively respond the security problems or advanced access control requirements. In this paper, we enhance our collaborative access control model: C-CP-ARBE, to be capable to support a more rigorous access control with security constraints and preventive access policy (PAP) enforcement feature. To this end, we design constraints specification model and PAP enforcement scheme in multi-authority cloud storage systems. We employ Multi-Agent System (MAS) to automate the authentication and authorization function as well as to increase the performance of overall cryptographic processes. As of MAS concept, the scalability and separation of security functions of our access control system are enhanced. Finally, we present the experiments to demonstrate the improved efficiency and practicality of our proposed scheme.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"150 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 10th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2015.33","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Existing access control solutions applying Cipher text Policy Attribute based Encryption (CP-ABE) scheme usually rely on the static access enforcement based on the access control policy. In real-world scenario, the static pattern of access control policy may not be sufficient to effectively respond the security problems or advanced access control requirements. In this paper, we enhance our collaborative access control model: C-CP-ARBE, to be capable to support a more rigorous access control with security constraints and preventive access policy (PAP) enforcement feature. To this end, we design constraints specification model and PAP enforcement scheme in multi-authority cloud storage systems. We employ Multi-Agent System (MAS) to automate the authentication and authorization function as well as to increase the performance of overall cryptographic processes. As of MAS concept, the scalability and separation of security functions of our access control system are enhanced. Finally, we present the experiments to demonstrate the improved efficiency and practicality of our proposed scheme.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

在云中启用约束和动态预防性访问控制策略实施

现有的基于密文策略属性加密(CP-ABE)的访问控制方案通常依赖于基于访问控制策略的静态访问强制。在实际场景中，访问控制策略的静态模式可能不足以有效地响应安全问题或高级访问控制需求。在本文中，我们增强了我们的协作访问控制模型:C-CP-ARBE，使其能够支持具有安全约束和预防性访问策略(PAP)实施功能的更严格的访问控制。为此，我们设计了多授权云存储系统中的约束规范模型和PAP实施方案。我们采用多代理系统(Multi-Agent System, MAS)来实现认证和授权功能的自动化，并提高整个加密过程的性能。采用MAS的概念，增强了门禁系统的可扩展性和安全功能的分离性。最后，通过实验验证了该方案的有效性和实用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2015 10th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量