TY - JOUR
T1 - Privacy-preserving matrix product based static mutual exclusive roles constraints violation detection in interoperable role-based access control
AU - Liu, Meng
AU - Luo, Yun
AU - Yang, Chi
AU - Pang, Shaoning
AU - Puthal, Deepak
AU - Ren, Kaijun
AU - Zhang, Xuyun
N1 - Funding Information:
This work was supported by the National Key Research and Development Program of China (Grant No. 2018YFB0203801), the New Zealand Marsden Fund under Grant No. 17-UOA-248, the National Natural Science Foundation of China (Grant No. 61572510), the UoA Faculty Research Development Fund under Grant No. 3714668, the NJU Overseas Open fund, China under Grant No. KFKT2018A12, and the STRATUS Project (Security Technologies Returning Accountability, Trust and User-Centric Services in the Cloud), New Zealand (http://stratus.org.nz).
Publisher Copyright:
© 2018 Elsevier B.V.
PY - 2020/8
Y1 - 2020/8
N2 - Secure interoperation is an important technology for protecting shared data in multi-domain environments. The IRBAC (Interoperable Role-based Access Control) 2000 model has been proposed to achieve security interoperation between two or more RBAC administrative domains. Static Separation of Duties (SSoD) is an important security policy in RBAC, but it has not been enforced in the IRBAC 2000 model. As a result, some previous works have studied the problem of SMER (Statically Mutually Exclusive Roles) constraints violation between two RBAC domains in the IRBAC 2000 model. However, none of them addresses how to preserve the privacy of RBAC policies, such as roles, role hierarchies and user-role assignments, while detecting SMER constraints violation when the two interoperable domains do not want to disclose them to each other or to others. To achieve privacy-preserving detection of SMER constraints violation, we first introduce a solution without a privacy-preserving mechanism using matrix product. Then a privacy-preserving solution is proposed to securely detect SMER constraints violation without disclosing any RBAC policy, based on a secure three-party protocol for matrix product computation. Efficiency analysis and comparison of experimental results show that the secure three-party computation protocol for matrix product based on the Paillier cryptosystem is more efficient and practical.
AB - Secure interoperation is an important technology for protecting shared data in multi-domain environments. The IRBAC (Interoperable Role-based Access Control) 2000 model has been proposed to achieve security interoperation between two or more RBAC administrative domains. Static Separation of Duties (SSoD) is an important security policy in RBAC, but it has not been enforced in the IRBAC 2000 model. As a result, some previous works have studied the problem of SMER (Statically Mutually Exclusive Roles) constraints violation between two RBAC domains in the IRBAC 2000 model. However, none of them addresses how to preserve the privacy of RBAC policies, such as roles, role hierarchies and user-role assignments, while detecting SMER constraints violation when the two interoperable domains do not want to disclose them to each other or to others. To achieve privacy-preserving detection of SMER constraints violation, we first introduce a solution without a privacy-preserving mechanism using matrix product. Then a privacy-preserving solution is proposed to securely detect SMER constraints violation without disclosing any RBAC policy, based on a secure three-party protocol for matrix product computation. Efficiency analysis and comparison of experimental results show that the secure three-party computation protocol for matrix product based on the Paillier cryptosystem is more efficient and practical.
KW - Homomorphic cryptosystem
KW - Matrix product
KW - Privacy-preserving
KW - Secure multi-party computation
KW - Statically mutually exclusive roles
UR - http://www.scopus.com/inward/record.url?scp=85056281464&partnerID=8YFLogxK
U2 - 10.1016/j.future.2018.10.017
DO - 10.1016/j.future.2018.10.017
M3 - Article
AN - SCOPUS:85056281464
SN - 0167-739X
VL - 109
SP - 457
EP - 468
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -