research-article

Oblivious enforcement of hidden information release policies

Authors:

Brian Wongchaowart,

Adam J. LeeAuthors Info & Claims

ASIACCS '10: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security

Pages 324 - 327

https://doi.org/10.1145/1755688.1755730

Published: 13 April 2010 Publication History

Get Access

Abstract

In a computing system, sensitive data must be protected by release policies that determine which principals are authorized to access that data. In some cases, such a release policy could refer to information about the requesting principal that is unavailable to the information provider. Furthermore, the release policy itself may contain sensitive information about the resource that it protects. In this paper we describe a scheme for enforcing information release policies whose satisfaction cannot be verified by the entity holding the protected information, but only by the entity requesting this information. Not only does our scheme prevent the information provider from learning whether the policy was satisfied, but it also hides the information release policy being enforced from the requesting principal. Unlike previous approaches, our construction requires no guesswork or wasted computation on the part of the information requester. The information release policies that we consider can contain third-party assertions that themselves have release conditions that must be satisfied; we show that our system functions correctly even when these dependencies form cycles.

References

[1]

D. Boneh. The decision Diffie-Hellman problem. In Proceedings of the Third International Symposium on Algorithmic Number Theory, pages 48--63, 1998.

Digital Library

Google Scholar

[2]

R. W. Bradshaw, J. E. Holt, and K. E. Seamons. Concealing complex policies with hidden credentials. In Proceedings of the 11th ACM Conference on Computer and Communications Security, pages 146--157, 2004.

Digital Library

Google Scholar

[3]

M. Chase. Multi-authority attribute based encryption. In Proceedings of the Fourth Theory of Cryptography Conference, pages 515--534, 2007.

Digital Library

Google Scholar

[4]

M. Chase and S. S. M. Chow. Improving privacy and security in multi-authority attribute-based encryption. In Proceedings of the 16th ACM Conference on Computer and Communications Security, pages 121--130, 2009.

Digital Library

Google Scholar

[5]

T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4):469--472, 1985.

Digital Library

Google Scholar

[6]

K. Frikken, M. Atallah, and J. Li. Attribute-based access control with hidden policies and hidden credentials. IEEE Transactions on Computers, 55(10):1259--1270, 2006.

Digital Library

Google Scholar

[7]

J. E. Holt, R. W. Bradshaw, K. E. Seamons, and H. Orman. Hidden credentials. In Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society, pages 1--8, 2003.

Digital Library

Google Scholar

[8]

A. J. Lee, K. Minami, and N. Borisov. Confidentiality-preserving distributed proofs of conjunctive queries. In Proceedings of the Fourth ACM Symposium on Information, Computer, and Communications Security, pages 287--297, 2009.

Digital Library

Google Scholar

[9]

N. Li, W. Du, and D. Boneh. Oblivious signature-based envelope. Distributed Computing, 17(4):293--302, 2005.

Digital Library

Google Scholar

Cited By

View all

Schlegel RKapadia ALee ACranor L(2011)Eyeing your exposureProceedings of the Seventh Symposium on Usable Privacy and Security10.1145/2078827.2078846(1-14)Online publication date: 20-Jul-2011
https://dl.acm.org/doi/10.1145/2078827.2078846
Pikulkaew TKikuchi H(2011)Improving Efficiency in Privacy-Preserving Automated Trust Negotiation with Conjunctive PoliciesProceedings of the 2011 14th International Conference on Network-Based Information Systems10.1109/NBiS.2011.114(679-684)Online publication date: 7-Sep-2011
https://dl.acm.org/doi/10.1109/NBiS.2011.114

Index Terms

Oblivious enforcement of hidden information release policies
1. Security and privacy
  1. Security services
    1. Access control
    2. Authentication
  2. Systems security
    1. Operating systems security

Recommendations

Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisions
PST '12: Proceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST)

The growing adoption of cloud technology in sensitive application domains, such as medicine, gives rise to new problems in maintaining the privacy of the involved parties during authorisation. In such domains, an honest but curious service provider can ...
Attribute-Based Access Control with Hidden Policies and Hidden Credentials

In an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is ...
Hidden access control policies with hidden credentials
WPES '04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society

In an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ASIACCS '10: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security

April 2010

363 pages

ISBN:9781605589367

DOI:10.1145/1755688

General Chair:
Dengguo Feng
Chinese Academy of Sciences, China
,
Program Chairs:
David Basin
ETH Zurich, Switzerland
,
Peng Liu
Pennsylvania State University

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 April 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Division of Computing and Communication Foundations

Conference

ASIA CCS '10

Sponsor:

SIGSAC

ASIA CCS '10: 5th ACM Symposium on Information, Computer and Communications Security

April 13 - 16, 2010

Beijing, China

Acceptance Rates

ASIACCS '10 Paper Acceptance Rate 25 of 166 submissions, 15%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
120
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)1

Reflects downloads up to 16 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Schlegel RKapadia ALee ACranor L(2011)Eyeing your exposureProceedings of the Seventh Symposium on Usable Privacy and Security10.1145/2078827.2078846(1-14)Online publication date: 20-Jul-2011
https://dl.acm.org/doi/10.1145/2078827.2078846
Pikulkaew TKikuchi H(2011)Improving Efficiency in Privacy-Preserving Automated Trust Negotiation with Conjunctive PoliciesProceedings of the 2011 14th International Conference on Network-Based Information Systems10.1109/NBiS.2011.114(679-684)Online publication date: 7-Sep-2011
https://dl.acm.org/doi/10.1109/NBiS.2011.114

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisions

Attribute-Based Access Control with Hidden Policies and Hidden Credentials

Hidden access control policies with hidden credentials