Secret Sharing Scheme Based Approach for Access Control Constraint against Similar Users' Collusive Attack

Constraints are the core problem of high-level access control. Traditional access control constraints, such as the Separation of Duty (SOD) constraints of Role-Based Access Control (RBAC) and the Chinese wall policy, do not take into account user similarity or sensitive combinations of permissions or objects. Secret sharing schemes are used to share important data or to complete a sensitive task. This paper proposes a secret-sharing-scheme-based approach to access control constraints directed against similar user clusters and sensitive combinations of permissions. The proposed approach not only flexibly enforces traditional access control constraints but also effectively prevents collusive attacks by similar users. The feasibility and effectiveness of the proposed approach are shown by test results.
