Secret Sharing Scheme Based Approach for Access Control Constraint Against Similar Users' Collusive Attack

Constraints are the core problem of high-level access control. Traditional access control constraints, such as the Separation of Duty (SOD) constraints of Role-Based Access Control (RBAC) and the Chinese wall policy, do not consider user similarity or sensitive combinations of permissions or objects. Secret sharing schemes are used to share important data or to complete a sensitive task. This paper proposes a secret sharing scheme based approach to access control constraints that guard against clusters of similar users and sensitive combinations of permissions. The proposed approach not only flexibly enforces traditional access control constraints but also effectively prevents similar users' collusive attacks. The feasibility and effectiveness of the proposed approach are shown by test results.
