Privacy-preserving detection of statically mutually exclusive roles constraints violation in interoperable role-based access control

Liu, M; Zhang, X; Yang, C; Pang, S; Puthal, D; Ren, K

Privacy-preserving detection of statically mutually exclusive roles constraints violation in interoperable role-based access control

Liu, M Zhang, X Yang, C Pang, S Puthal, D

Ren, K

Permalink

Publication Type:: Conference Proceeding
Citation:: Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017, 2017, pp. 502 - 509
Issue Date:: 2017-09-07

Closed Access

	Filename	Description	Size
	Privacy-preserving Detection of Statically Mutually Exclusive Roles Constraints.pdf	Published version	294.93 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Liu, M	en_US
dc.contributor.author	Zhang, X	en_US
dc.contributor.author	Yang, C	en_US
dc.contributor.author	Pang, S	en_US
dc.contributor.author	Puthal, D https://orcid.org/0000-0002-8332-278X	en_US
dc.contributor.author	Ren, K	en_US
dc.date.issued	2017-09-07	en_US
dc.identifier.citation	Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017, 2017, pp. 502 - 509	en_US
dc.identifier.isbn	9781509049059	en_US
dc.identifier.uri	http://hdl.handle.net/10453/126837
dc.description.abstract	© 2017 IEEE. Secure interoperation is an important technology to protect shared data in multi-domain environments. IRBAC (Interoperable Role-based Access Control) 2000 model has been proposed to achieve security interoperation between two or more RBAC administrative domains. Static Separation of Duties (SSoD) is an important security policy in RBAC, but it has not been enforced in the IRBAC 2000 model. As a result, some previous works have studied the problem of SMER (Statically Mutually Exclusive Roles) constraints violation between two RBAC domains in the IRBAC 2000 model. However all of them do not enforce how to preserve privacy of RBAC policies, such as roles, roles hierarchies and user-role assignment while detecting SMER constraints violation, if the two interoperable domains do not want to disclose them each other and to others. In order to enforce privacy-preserving detection of SMER constraints violation, we first introduce a solution without privacy-preserving mechanism using matrix product. Then a privacy-preserving solution is proposed to securely detect SMER constraints violation without disclosing any RBAC policy based on a secure three-party protocol to matrix product computation. By efficiency analysis and experimental results comparison, the secure three-party computation protocol to matrix product based on the Paillier cryptosystem is more efficient and practical.	en_US
dc.relation.ispartof	Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017	en_US
dc.relation.isbasedon	10.1109/Trustcom/BigDataSE/ICESS.2017.277	en_US
dc.rights	info:eu-repo/semantics/closedAccess
dc.title	Privacy-preserving detection of statically mutually exclusive roles constraints violation in interoperable role-based access control	en_US
dc.type	Conference Proceeding
utslib.for	0801 Artificial Intelligence and Image Processing	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Information, Systems and Modelling
pubs.organisational-group	/University of Technology Sydney/Students
utslib.copyright.status	closed_access	*
pubs.publication-status	Published	en_US

Abstract:

© 2017 IEEE. Secure interoperation is an important technology to protect shared data in multi-domain environments. IRBAC (Interoperable Role-based Access Control) 2000 model has been proposed to achieve security interoperation between two or more RBAC administrative domains. Static Separation of Duties (SSoD) is an important security policy in RBAC, but it has not been enforced in the IRBAC 2000 model. As a result, some previous works have studied the problem of SMER (Statically Mutually Exclusive Roles) constraints violation between two RBAC domains in the IRBAC 2000 model. However all of them do not enforce how to preserve privacy of RBAC policies, such as roles, roles hierarchies and user-role assignment while detecting SMER constraints violation, if the two interoperable domains do not want to disclose them each other and to others. In order to enforce privacy-preserving detection of SMER constraints violation, we first introduce a solution without privacy-preserving mechanism using matrix product. Then a privacy-preserving solution is proposed to securely detect SMER constraints violation without disclosing any RBAC policy based on a secure three-party protocol to matrix product computation. By efficiency analysis and experimental results comparison, the secure three-party computation protocol to matrix product based on the Paillier cryptosystem is more efficient and practical.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/126837