Universally Composable Cryptographic Role-Based Access Control

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)


In cryptographic access control sensitive data is protected by cryptographic primitives and the desired access structure is enforced through appropriate management of the secret keys. In this paper we study rigorous security definitions for the cryptographic enforcement of Role Based Access Control (RBAC). We propose the first simulation-based security definition within the framework of Universal Composability (UC). Our definition is natural and intuitively appealing, so we expect that our approach would carry over to other access models.

Next, we establish two results that clarify the strength of our definition when compared with existing ones that use the game-based definitional approach. On the positive side, we demonstrate that both read and write-access guarantees in the sense of game-based security are implied by UC security of an access control system. Perhaps expected, this result serves as confirmation that the definition we propose is sound.

Our main technical result is a proof that simulation-based security requires impractical assumptions on the encryption scheme that is employed. As in other simulation-based settings, the source of inefficiency is the well known "commitment problem" which naturally occurs in the context of cryptographic access control to file systems.
Original languageEnglish
Title of host publicationProvable Security - ProvSec 2016
Subtitle of host publication10th International Conference, ProvSec 2016, Nanjing, China, November 10-11, 2016, Proceedings
EditorsLiqun Chen, Jinguang Han
Number of pages20
ISBN (Electronic)9783319474229
ISBN (Print)9783319474212
Publication statusPublished - 16 Nov 2016

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743


  • cryptographic protocols/Access Control
  • Universal Composability

Fingerprint Dive into the research topics of 'Universally Composable Cryptographic Role-Based Access Control'. Together they form a unique fingerprint.

Cite this