Access control in computer science defines how different active processes, called subjects, may perform abstract operations on (computing) resources, called objects. General access control enforcement includes a theoretical construct called a reference monitor, which is intended to monitor the access requests between subjects and objects. This dissertation researches the possibilities of replacing reference monitors with cryptography, for reasons of implementation-level assurance and distribution of computation.

An information security notion called multi-level security (MLS) binds official data confidentiality levels to the trustworthiness of users such that, for example, users checked ("cleared") for some level should be able to securely access information classified up to their level, inside a system which also contains information classified to a higher level. Traditionally, only cryptography has been considered to have sufficient assurance for large-scale MLS environments. However, cryptographic enforcement is rather rigid and limited in some respects. Ideally, cryptographically enforced access control should comply with modern access control management principles such as role-based access control (RBAC). Recent advances in public key infrastructure (PKI), such as attribute-based encryption (ABE) and signatures (ABS), enable more complex policies in access control as well.

This dissertation investigates the possibilities of using ABE and ABS to enforce access control cryptographically, according to modern RBAC principles. The main application we target is a publish-subscribe environment for MLS documents. As ABE and ABS represent only one type of PKI authentication architecture, and attributes are elemental for RBAC support, we first research the question of whether the capability to support attributes in general is particular to the authentication architecture represented by ABE, and find that this is not the case. However, due to other benefits of the ABE type, we find that they are still superior to other types.

We then present the main assumptions of our application environment and show how XML documents can be used to support the access control enforcement cryptographically and nevertheless allow a transition period from conventional PKI to ABE. The actual framework consists of a general model of how to represent different access operations, or permissions, in such a way that they can be cryptographically enforced, as well as XACML reference architecture-based models for implementing confidentiality and integrity policies using ABE and ABS, respectively. We also map different NIST-standardized RBAC model elements to ABE and ABS functionalities. In the confidentiality enforcement model we note a conflict between the ABE security goal of user collusion prevention and MLS environment requirements, and introduce a scheme to overcome this securely.
- Nyberg, Kaisa, Supervisor
- Candolin, Catharina, Advisor, External person
| Publication status | Published - 2016 |
| MoE publication type | G5 Doctoral dissertation (article) |
- multi-level security, RBAC, ABAC, MLS, ABE, ABS, functional encryption