Title :
Combining Attribute-Based and Access Systems
Author :
Malek, Behzad ; Miri, Ali
Author_Institution :
Sch. of Inf. Technol. & Eng., Univ. of Ottawa, Ottawa, ON, Canada
Abstract :
In this work, we design a balanced access control system,where a robust system becomes flexible to meet its users´needs. On one hand, the system administrator sets system wide policies that all users must comply with. Policies are integrated into private keys of users, setting an access structure over attributes (resources) they can access. On the other hand, users are able to set their own access structure over system policies for documents they generate in the system. Users are in control of who and under what conditions can access their documents. This way, a system administrator can help users set their own access control policies while both users´ privacy and system´s security are preserved. Our system is based on two attribute-based encryption schemes: KP-ABE and CP-ABE. The former puts access policies into decryption keys, and the latter combines access policies with ciphertexts. In our work, we show how these two separate systems can be efficiently combined into a flexible, yet robust access control system.
Keywords :
authorisation; cryptography; data privacy; access control system; access structure; ciphertext-policy attribute-based encryption; decryption key; key-policy attribute-based encryption; system administrator; system security; user privacy; Access control; Computer security; Cryptography; Design engineering; Information technology; Privacy; Protection; Robust control; Access Control; Attribute-Based Encryption; Ciphertext-policy; Key-policy; Security;
Conference_Titel :
Computational Science and Engineering, 2009. CSE '09. International Conference on
Conference_Location :
Vancouver, BC
Print_ISBN :
978-1-4244-5334-4
Electronic_ISBN :
978-0-7695-3823-5
DOI :
10.1109/CSE.2009.157
