AbstractTraditional enforcement of access control policies heavily relies on reference monitors, which need to be run in trusted domains, be permanently online and mediate every access request from users. This inherent limitation directly impacts scalability and deployability of its applications. A solution to this problem is to employ cryptography, where policy enforcement depends on both security of the underlying cryptographic primitives and appropriate key distribution. This approach is known as cryptographic access control. It has the potential to reduce the reliance on monitors or even eliminate this need while enforcing the access control policies.
The existing works in cryptographic access control mainly focused on implementing various access control systems from basic cryptographic primitives and/or designing new primitives tailored for access control systems. However, the study on formal security models for cryptographic access control systems, which are of central importance, is usually neglected. Specifically, without formal security models, one cannot establish the link between security guarantees from cryptographic primitives and the enforcement of access control policies.
This problem was first addressed by Ferrara et al., whose recent work on crypto- graphic Role-Based Access Control (cRBAC) establishes rigorous foundations for the analysis of cryptographic access control systems. In this thesis, we continue their line of research. Our main contributions are definitional. We study security of cRBAC systems in both game-based and simulation-based settings, and the relations between the secu- rity notions. We also initiate the study of policy privacy in the context of cryptographic access control systems. The privacy issue does not arise in traditional monitor-based policy enforcement, but cryptographic access-control systems may inadvertently leak information on the underlying access control policies. Such information can be sensitive in many scenarios. Next, we propose a construction of cRBAC system which employs a new privacy-preserving encryption. Our security proofs confirm that our purposal securely enforces both read and write access to the file system, while preserving pol- icy privacy to a certain degree. Finally, we study the efficiency implications of secure cRBAC systems. Our result shows that supporting permission revocation is inherently costly in such systems.
|Date of Award||28 Nov 2019|
|Supervisor||Bogdan Warinschi (Supervisor)|