Sharing and access right delegation for confidential documents: A practical solution

This paper addresses a practical problem in document management systems for which no existing solution is currently available in the market. To store confidential documents, a common approach is to keep only the encrypted version of the documents to ensure confidentiality of the contents. In real cases, documents may need to be shared by more than one person or group in a company, and it is common for a manager to delegate the access rights of a document to a delegatee. How is it possible to share encrypted documents and delegate the access rights of encrypted documents? Here, we discuss the issues related to this problem and provide a practical and easy-to-implement solution. A prototype implementation has shown it to be feasible. We also show how to extend our solution to be more scalable by taking advantage of the company's hierarchical structure.
