Privacy-Preserving Detection of Statically Mutually Exclusive Roles Constraints Violation in Interoperable Role-Based Access Control

Secure interoperation is an important technology for protecting shared data in multi-domain environments. The IRBAC (Interoperable Role-Based Access Control) 2000 model has been proposed to achieve secure interoperation between two or more RBAC administrative domains. Static Separation of Duties (SSoD) is an important security policy in RBAC, but it is not enforced in the IRBAC 2000 model. As a result, several previous works have studied the problem of SMER (Statically Mutually Exclusive Roles) constraint violations between two RBAC domains in the IRBAC 2000 model. However, none of them addresses how to preserve the privacy of RBAC policies, such as roles, role hierarchies and user-role assignments, while detecting SMER constraint violations when the two interoperating domains do not want to disclose these policies to each other or to others. To enable privacy-preserving detection of SMER constraint violations, we first introduce a solution without a privacy-preserving mechanism, based on matrix product. We then propose a privacy-preserving solution that securely detects SMER constraint violations without disclosing any RBAC policy, based on a secure three-party protocol for matrix product computation. Efficiency analysis and a comparison of experimental results show that the secure three-party matrix product protocol based on the Paillier cryptosystem is more efficient and practical.
