Privacy protection for RBAC in service oriented architecture

Service Oriented Architecture (SOA) changes the way business is conducted by opening services to the larger business world over networks. However, the “open” and “interoperable” properties of SOA make privacy a sensitive security issue. In SOA, service providers (SPs) limit access permissions to specific authorized Access Requestors (ARs). SPs need to verify ARs' identity information, but ARs may not be willing to disclose their private information to unknown SPs in an open system. To resolve this conflict, we propose privacy-preserving protocols for role-based access control (RBAC) in the SOA environment. The security analysis demonstrates that our protocols protect privacy.
