Managing Key hierarchies for access control enforcement: Heuristic approaches. ELSEVIER(2010) Computers & Security Carlo Blundo , Stelvio Cimato Sabrina De Capitani di Vimercati Alfredo De Santis , Sara Foresti , Stefano Paraboschi , Pierangela Samarati. 2013.04.15 - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Managing Key hierarchies for access con-trol enforcement: Heuristic approaches
ELSEVIER(2010)Computers & Security
Carlo Blundo, Stelvio CimatoSabrina De Capitani di Vimercati
Alfredo De Santis, Sara Foresti,Stefano Paraboschi, Pierangela Samarati
2013.04.15 Regular Seminar
DBLAB Tae Hoon Kim
Reference PPT : Ara-Jo Managing Key hierarchies for access control en-forcement: Heuristic approaches
2 /29
Contents
1. Introduction2. Basic Concepts3. Problem Formulation4. Minimum weight user tree5. Linear programming approach6. Minimum Spanning tree heuristics
The linear constraints impose that 1. The edges and vertices selected form a tree structure 2. All material vertices belong to the user tree.
Constraints1. Each non-material vertex in the user graph has at most
one incoming edge in the user tree2. Only vertices having at least an outgoing edge have an
incoming edge in the user tree3. Each material vertex has exactly an incoming edge4. Variables associated with the edges of the user graph can
only assume value 1 or, 0 Modeling the presence or not of corresponding edge in the com-
puted user tree
14/29
Linear programming approach
V0[]
V1[A] V3[]V2[] V4[]
V5[AB] V6[AC] V7[AD]
V11[ABC] V12[ABD]
V8[BC] V9[BD] V10[CD]
V13[ACD] V14[BCD]
V15[ABCD]
r4
r1 r2 r3
r5 r6
15/29
Minimum spanning tree heuristics
Be based on the computation of MST over a graph G = (V, E’, w), V = E’ = {(vi , vj)|vi, vji.aclVi.acl} W(vi, vj) = |Vj.acl\Vi.acl|
The MST over G can be reduce the weight Vk.acl = vi.acl vj.acl
A parent of vi and vj
Because include Vk.key instead of both vi.key and vj.key
16/29
Minimum spanning tree heuristicsCase 1U = Vk.acl = vi.acl vj.acl
vpi
vi
vpj
vjvpi
vi
vj
vpj
vpi
vi
vpj
vj
vpj
vj
vi
vpi
initial configuration Final configura-tion
17/29
Minimum spanning tree heuristicsCase 2U = Vk.acl = vi.acl vj.acl
vpjvpi
vi vj
vk vk
vi vj
vpjvpi
initial configuration Final configura-tion
18/29
Minimum spanning tree heuristicsCase 3U = Vk.acl = vi.acl vj.acl initial configuration Final configura-
tionvpjvpi
vi vj
vpjvpi
vi vj
vk
vpjvpi
vi vj
vk
vpjvpi
vi vj
vpjvpi
vi vj
vtvpjvpi vt
vk
vi vj
19/29
Minimum spanning tree heuristics
But, selection process is expensive decide to use Vpi or Vpj as Vpk direct ancestor of Vk whenever it is possible Consider to determine the heuristics(based on Prim’s