Privacy-preserving matrix product based static mutual exclusive roles constraints violation detection in interoperable role-based access control

Meng Liu, Yun Luo, Chi Yang, Shaoning Pang, Deepak Puthal, Kaijun Ren, Xuyun Zhang

Research output: Contribution to journal › Article › peer-review

4 Scopus citations

Abstract

Secure interoperation is an important technology for protecting shared data in multi-domain environments. The IRBAC (Interoperable Role-based Access Control) 2000 model has been proposed to achieve secure interoperation between two or more RBAC administrative domains. Static Separation of Duties (SSoD) is an important security policy in RBAC, but it is not enforced in the IRBAC 2000 model. As a result, some previous works have studied the problem of SMER (Statically Mutually Exclusive Roles) constraint violations between two RBAC domains in the IRBAC 2000 model. However, none of them addresses how to preserve the privacy of RBAC policies, such as roles, role hierarchies and user-role assignments, while detecting SMER constraint violations when the two interoperable domains do not want to disclose them to each other or to others. In order to enforce privacy-preserving detection of SMER constraint violations, we first introduce a solution without a privacy-preserving mechanism, using matrix product. Then a privacy-preserving solution is proposed to securely detect SMER constraint violations without disclosing any RBAC policy, based on a secure three-party protocol for matrix product computation. Efficiency analysis and comparison of experimental results show that the secure three-party computation protocol for matrix product based on the Paillier cryptosystem is more efficient and practical.

Original language: British English
Pages (from-to): 457-468
Number of pages: 12
Journal: Future Generation Computer Systems
Volume: 109
State: Published - Aug 2020

Keywords

  • Homomorphic cryptosystem
  • Matrix product
  • Privacy-preserving
  • Secure multi-party computation
  • Statically mutually exclusive roles
