Enable delegation for RBAC with Secure Authorization Certificate

GuangXu Zhou a, Murat Demirer a,c, Coskun Bayrak a,*, Licheng Wang b

a University of Arkansas at Little Rock, 2801 S. University Ave, Little Rock, AR 72204, USA
b Beijing University of Posts and Telecommunications, 10 Xitucheng Rd Beijing, PR China
c Istanbul Kultur University, Istanbul, Turkey
* Corresponding author. Tel.: +1 501 569 8137; fax: +1 501 569 8144.

Computers & Security 30 (2011) 780-790. Available at www.sciencedirect.com; journal homepage: www.elsevier.com/locate/cose
0167-4048/$ - see front matter © 2011 Elsevier Ltd. All rights reserved. doi:10.1016/j.cose.2011.06.005

Article history: Received 6 October 2010; Received in revised form 12 May 2011; Accepted 17 June 2011

Keywords: Access Control; Computer Network Security; Random Number Generator; Secure Authorization; Secure Delegation; Quasirandom Structures; k-Uniform Hypergraph

Abstract

Our motivation in this paper is to explore a Secure Delegation Scheme that could keep access control information hidden through network transmission. This approach introduces the quasirandom structure, 3-Uniform Hypergraph, as the representation structure for authorization information. It generates a Secure Authorization Certificate (SAC) in place of an Attribute Certificate (AC) to enable both Role-based Access Control (RBAC) and a delegation process for hiding authorization information. We have two contributions in this regard: (1) a value-based delegation scheme and (2) a pattern-based RBAC. A Secure Delegation Scheme is based on the hashing values generated with the quasirandom structure. With this scheme, the delegation process will greatly reduce the risk of sensitive authorization information leakage for applications. In the case of pattern-based access, we introduce a new hash function using quasirandom structure to make a fingerprint¹ for RBAC. The quasirandom structure derived from k-Uniform Hypergraph has measurable uniformity, which is an advantage over traditional hash functions. Another advantage is that it does not need to access the entire message context to generate the fingerprint which is essential for traditional hash functions such as MD5, SHA-1, etc.

¹ The term fingerprint is used to refer to a unique pattern.

1. Introduction

Delegation service is a common requirement in Role-Based Access Control (RBAC) (Ferraiolo et al., 2001) systems. With the delegation process, there are no well-accepted models addressed in the literature. The concept of delegation in access control is not clearly defined and the basic principles for delegation are not well-identified yet. The confinement problem, for example, cannot be demonstrated as being resolved in current delegation applications. Particularly for RBAC model, delegation is demanding more while the Public Key Certificate (PKC)-based delegation process has several defects: first, inordinate use of the private key increases the risk of compromise; second, the approach usually combines the authentication and authorization tightly, and the extensions embedded into the certificate overloads the semantics of the authentication certificate; third, the lifetime difference between the authentication and authorization attributes may increase the cost and complexity of managing the underlying Public Key Infrastructure (PKI) (Benantar, 2006); fourth, the cross-domain problems with RBAC could not be easily resolved.

In this paper, we present a Secure Delegation Scheme that could enhance the security of the transmission with Role-based Access Control information through network. First, with respect to the original work on quasirandomness with 3-Uniform Hypergraphs appeared in (Gowers, 2006a), we
solutions by other models how to share policies between
different organizations.
• Performance in large-scale systems. The implementation of delegation agents for caching and updating, in particular, will affect performance significantly. The frequency of caching and updating depends on the volatility of the role map; in a large-scale system where roles are granted and revoked frequently, the cache could be updated very frequently. There are no heavy calculations for updating except on the RBAC server, so performance mostly depends on the transmission of SATs over the network. Therefore, there is no evident performance bottleneck in our proposed architecture: because the SAT is a pretty small piece of text, transmitting SATs over the network will be faster than transmitting a set of attributes.
Overall, the introduced SAT reduces the complexity of the implementation compared with systems employing attribute certificates, except that it loses the embedded authorization information that could enforce access control and enable delegations discretionarily.
8. Conclusions
In this paper, we redefined the Secure Authorization Scheme as well as the Secure Delegation Scheme with all of the listed properties (see Section 6.4) for the concept of delegation, allowing less leakage of authorization information to unauthorized users. Based on our definition of the Secure Delegation Scheme, we provided a secure delegation model that encodes RBAC information into a single certificate as a reference implementation for open environment applications.

For this secure delegation architecture, we argued in Section 6.2 the deficiencies that current PKI-based approaches suffer from. Then, we introduced the Secure Authorization Certificate in place of the Attribute Certificate. A new hashing approach that employs the quasirandom structure is introduced to generate the Secure Authorization Tokens for the Secure Authorization Certificate. This is a novel solution that solves the problems of the PKI-based delegation mechanism.
9. Future work
Introducing quasirandomness into the security area is
preliminary; more research to compare it to MD5, SHA-x, or
other Message Digest approaches by more metrics may give
more hints about the new hashing approach. Moreover, there
will be more revenues if the k-Uniform Hypergraphs (Gowers,
2006a; Nagle et al., 2006) are explored in order to generate
more complex logic for security. For the random generation
function, if an invertible function can be designed, there will
be more possibilities to do encryption or compression with
quasirandom structures. For the current application, we plan
to refine the mappings from RBAC to the quasirandom
structure in order to include more features such as role
hierarchy.
Acknowledgment
This study was conducted as an extension to the project
funded by DOD under the grant number H98230-07-C-0403.
References

Benantar M. Access control systems: security, identity management and trust models. New York, NY, USA: Springer; 2006. 102-109.
Bonatti P, Samarati P. Regulating service access and information release on the web. In: CCS ’00: Proceedings of the 7th ACM conference on Computer and communications security, ACM, New York, NY, USA, 2000, pp. 134-143. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/352600.352620.
Brickell E, Li J. Enhanced privacy id: a direct anonymous attestation scheme with enhanced revocation capabilities. In: WPES ’07: Proceedings of the 2007 ACM workshop on Privacy in electronic society, ACM, New York, NY, USA, 2007, pp. 21-30. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/1314333.1314337.
Calvert KL, Griffioen J. On information hiding and network management. In: INM ’06: Proceedings of the 2006 SIGCOMM workshop on Internet network management, ACM, New York, NY, USA, 2006, pp. 35-40. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/1162638.1162644.
Chadwick D, Otenko A, Ball E. Role-based access control with x.509 attribute certificates. Internet Comput IEEE 2003;7(2):62-9. doi:10.1109/MIC.2003.1189190.
Czajkowski K, Foster I, Kesselman C. Agreement-based resource management, Proceedings of the IEEE 93(3) (2005) 631-643. doi:10.1109/JPROC.2004.842773.
Dumitrescu C, Foster I. Usage policy-based cpu sharing in virtual organizations. In: GRID ’04: Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing, IEEE Computer Society, Washington, DC, USA, 2004, pp. 53-60. doi:http://dx.doi.org/10.1109/GRID.2004.62.
Farrell S, Housley R. An Internet attribute certificate profile for authorization. RFC 2002;3281.
Frikken K, Atallah M, Li J. Hidden access control policies with hidden credentials. In: WPES ’04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society, ACM, New York, NY, USA, 2004, pp. 27-27. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/1029179.1029186.
Frikken K, Atallah M, Li J. Attribute-based access control with hidden policies and hidden credentials. Comput IEEE Trans 2006;55(10):1259-70. doi:10.1109/TC.2006.158.
Gowers WT. Hypergraph regularity and the multidimensional szemeredi theorem. Ann Math 2006a;166(3):897-946.
Gowers WT. Quasirandomness, counting and regularity for 3-uniform hypergraphs. Comb Probab Comput 2006b;15(1-2):143-84. doi:http://dx.doi.org/10.1017/S0963548305007236.
Holt JE, Bradshaw RW, Seamons KE, Orman H. Hidden credentials. In: WPES ’03: proceedings of the 2003 ACM workshop on privacy in the electronic society, ACM, New York, NY, USA, 2003, pp. 1-8. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/1005140.1005142.
Inglesant P, Sasse MA, Chadwick D, Shi LL. Expressions of expertness: the virtuous circle of natural language for access control policy specification. In: SOUPS ’08: Proceedings of the 4th symposium on Usable privacy and security, ACM, New York, NY, USA, 2008, pp. 77-88. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/1408664.1408675.
Iso 9594-8/itu-t rec. x.509 (2005) the directory: public-key and attribute certificate frameworks; 2005.
Joshi JBD, Bertino E. Fine-grained role-based delegation in presence of the hybrid role hierarchy. In: SACMAT ’06: Proceedings of the eleventh ACM symposium on Access control models and technologies, ACM, New York, NY, USA, 2006, pp. 81-90. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/1133058.1133071.
Kakizaki Y, Tsuji H. A new method for reducing the revocation delay in the attribute authentication, Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on (2007) 1175-1182 doi:10.1109/ARES.2007.10.
Li J, Li N. Policy-hiding access control in open environment. In: PODC ’05: Proceedings of the twenty-fourth annual ACM symposium on Principles of distributed computing, ACM, New York, NY, USA, 2005, pp. 29-38. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/1073814.1073819.
Li N, Tripunitara MV. Security analysis in role-based access control. ACM Trans Inf Syst Secur 2006;9(4):391-420. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/1187441.1187442.
Li J, Li N, Winsborough WH. Automated trust negotiation using cryptographic credentials. In: CCS ’05: Proceedings of the 12th ACM conference on Computer and communications security, ACM, New York, NY, USA, 2005, pp. 46-57. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/1102120.1102129.
Mazzoleni P, Crispo B, Sivasubramanian S, Bertino E. Efficient integration of fine-grained access control in large-scale grid services, Services Computing, 2005 IEEE International Conference on 1 (2005) 77-84 vol. 1. doi:10.1109/SCC.2005.49.
Na S, Cheon S. Role delegation in role-based access control. In: RBAC ’00: Proceedings of the fifth ACM workshop on Role-based access control, ACM, New York, NY, USA, 2000, pp. 39-44. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/344287.344300.
Nagle B, Rodl V, Schacht M. The counting lemma for regular k-uniform hypergraphs. Random Struct Algorithms 2006;28(2):113-79. doi:http://dx.doi.org/10.1002/rsa.v28:2.
Novotny J, Tuecke S, Welch V. An online credential repository for the grid: Myproxy, High Performance Distributed Computing, 2001. Proceedings. 10th IEEE International Symposium on (2001) 104-111 doi:10.1109/HPDC.2001.945181.
Seitz L, Rissanen E, Sandholm T, Firozabadi B, Mulmo O. Policy administration control and delegation using xacml and delegent, Grid Computing, 2005. The 6th IEEE/ACM International Workshop on (2005) 6 pp. doi:10.1109/GRID.2005.1542723.
Wang H, Osborn SL. Delegation in the role graph model. In: SACMAT ’06: Proceedings of the eleventh ACM symposium on access control models and technologies, ACM, New York, NY, USA, 2006, pp. 91-100. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/1133058.1133072.
Winsborough W, Li N. Towards practical automated trust negotiation, Policies for Distributed Systems and Networks, 2002. Proceedings. Third International Workshop on (2002) 92-103 doi:10.1109/POLICY.2002.1011297.
Winsborough W, Li N. Safety in automated trust negotiation, Security and Privacy, 2004. In: Proceedings. 2004 IEEE Symposium on (2004) 147-160.
Winsborough W, Seamons K, Jones V. Automated trust negotiation, DARPA Information Survivability Conference and Exposition, 2000. DISCEX ’00. Proceedings 1 (2000) 88-102 vol. 1. doi:10.1109/DISCEX.2000.824965.
Winslett M, Yu T, Seamons K, Hess A, Jacobson J, Jarvis R, et al. Negotiating trust in the web. Internet Comput IEEE 2002;6(6):30-7. doi:10.1109/MIC.2002.1067734.
Extensible access control markup language (xacml) (Feb 2005).
Xie D, Wang Y, Chen H. A new role-based access control model using attribute certificate, Intelligent Control and Automation, 2004. WCICA 2004. Fifth World Congress on 5 (2004) 4335-4338 vol. 5.
Yu T, Winslett M. A unified scheme for resource protection in automated trust negotiation, Security and Privacy, 2003. Proceedings. 2003 Symposium on (2003) 110-122.
Yu T, Winslett M, Seamons KE. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Trans Inf Syst Secur 2003;6(1):1-42. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/605434.605435.
Zhang L, Ahn G-J, Chu B-T. A role-based delegation framework for healthcare information systems. In: SACMAT ’02: Proceedings of the seventh ACM symposium on Access control models and technologies, ACM, New York, NY, USA, 2002, pp. 125-134. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/507711.507731.
Zhang L, Ahn G-J, Chu B-T. A rule-based framework for role-based delegation and revocation. ACM Trans Inf Syst Secur 2003;6(3):404-41. doi:http://0-doi.acm.org.iii-server.ualr.edu:80/10.1145/937527.937530.
Zhou W, Meinel C. Implement role based access control with attribute certificates, Advanced Communication Technology, 2004. The 6th International Conference on 1 (2004) 536-540. doi:10.1109/ICACT.2004.1292928.
Mr. Guangxu Zhou currently serves as a software engineer in National Center for Toxicological Research. His research interests focus on software engineering and networking, including Object-Oriented Design, testing automation and tools, network protocols, algorithms, and network security. He received a Master of Software Engineering degree from Tsinghua University, Beijing, China, in 2005 and an M.S. degree from the University of Arkansas at Little Rock in 2009.

Dr. R. Murat Demirer received the B.S. degree in Electrical Engineering from Kocaeli DMMA and the M.S. degree in Electrical Engineering from Istanbul Technical University, in 1980 and 1982, respectively and the Ph.D. degree in biomedical engineering from Bogazici University, Istanbul, Turkey in 2000. He is currently an assistant professor in the department of Mathematics and Computer Science, Faculty of Science and Letters, Istanbul Kultur University, Istanbul Turkey. His current research interests include brain-computer interface, neurodynamics and cryptography.

Dr. Coskun Bayrak is a professor in the department of Computer Science at the University of Arkansas at Little Rock. His primary research is in the intersection of software engineering, data mining, and Biomedical Engineering. However, he also has interest in modeling and simulation and cellular automata. He is a member of IEEE and ACM. Dr. Bayrak holds a B.S. from Slippery Rock University, and an M.S. from Texas Tech University, and Ph.D. from Southern Methodist University in Computer Science.

Dr. Licheng Wang received a B.S. degree in Computer Science from Northwest Normal University, China, in 1995 and an M.S. degree in mathematics from Nanjing University, China, in 2001, and a Ph.D. degree in Computer Science from Shanghai Jiao Tong University, China, Beijing University of Posts and Telecommunications. His current research interests include cryptography, information security and trust computation, etc.