Managing key hierarchies for access control enforcement: Heuristic approaches
Author: Carlo Blundo, Stelvio Cimato, Sabrina De Capitani di Vimercati, Alfredo De Santis, Sara Foresti, Stefano Paraboschi, Pierangela Samarati
Source: Computers & Security, vol.29, 2010, pp. 533-547
Presenter: Tsuei-Hung Sun
Date: 2010/7/6
• Existing approaches do not address the problem of supporting different access authorizations for different users.
• Enforce the authorization policy by heuristics while minimizing the number of keys to be maintained by the system and distributed to users.
Scheme
• Basic concept
Fig. Access matrix
Fig. User tree
  - acl(r): access control list of r, the users that can access r. Ex. acl(r2) = {A, C}
  - cap(u): capability list of u, the resources that u can access. Ex. cap(C) = {r2, r4, r6}
  - v.acl: set of users represented by vertex v.
  - v.key: key associated with v.
• Integer Linear Programming (ILP) minimum user tree
Fig. General minimum weight user tree
Fig. ILP minimum weight user tree
• ILP minimum user tree problem is formulated as follows
• Three families of heuristics
  - sibling-based (S)
  - leaf-based (L)
  - mixed (M)
• Three preference criteria
  - rnd: at random.
  - max: |vi.acl| + |vj.acl| is maximum, ties are broken randomly.
  - min: |vi.acl| + |vj.acl| is minimum, ties are broken randomly.
Sibling-based heuristic
Leaves-based heuristic
Mixed heuristics
Experimental result
• Compare three heuristics with Damiani's approach.
Fig. sibling-based heuristic with different preference criteria.
• Compare three heuristics adopting the min preference criterion with Damiani's approach.
Fig. Percentage of times each heuristic returns a solution at distance d from the lowest weight solution computed.
Advantage vs. weakness
• Advantage
  - The three families of heuristics perform better than Damiani's heuristics.
  - Integer linear programming formulation of the minimization problem.
• Weakness
  - Execution time of the mixed heuristic is higher than the time required by the other heuristics.
  - High variability of the time necessary to solve the ILP problem.
Conclusion
• Protect the resource confidentiality from both unauthorized users and "honest-but-curious" servers.
• Most of the existing efforts focus on the techniques for the evaluation of queries on encrypted outsourced data.
• Integrate access control and encryption, exploiting key derivation methods as a way of minimizing the number of keys distributed to users.