access control service


The Experts below are selected from a list of 249 Experts worldwide ranked by ideXlab platform

Junliang Chen - One of the best experts on this subject based on the ideXlab platform.

  • access control as a service for public cloud storage
    International Conference on Distributed Computing Systems Workshops, 2012
    Co-Authors: Yang Zhang, Junliang Chen
    Abstract:

    With the rapid application of service-oriented technologies, service and data outsourcing has become a practical and useful computing paradigm. Combined use of access control and cryptography was proposed by many researchers to protect sensitive information in this outsourcing scenario. However, the rigid combination in existing approaches has difficulty in satisfying the flexibility requirement of access control for diverse applications. In this paper, we propose an access control service for public cloud storage, where authorization is controlled by the data owner, and the PDP (Policy Decision Point) and PEP (Policy Enforcement Point) can be securely delegated. In order to implement the service, an attribute-full proxy re-encryption scheme is presented as its corner stone. The other features of our service are as follows: simple key management without the need of key derivation for users to decrypt cipher texts, composing attributes for accessing resources with subject attributes' having inner structures, and authorization relatively separating from encryption. We also give some proofs and analysis of our implementation.

  • ICDCS Workshops - access control as a service for Public Cloud Storage
    2012 32nd International Conference on Distributed Computing Systems Workshops, 2012
    Co-Authors: Yang Zhang, Junliang Chen

Yang Zhang - One of the best experts on this subject based on the ideXlab platform.

  • access control as a service for public cloud storage
    International Conference on Distributed Computing Systems Workshops, 2012
    Co-Authors: Yang Zhang, Junliang Chen
    Abstract:

    With the rapid application of service-oriented technologies, service and data outsourcing has become a practical and useful computing paradigm. Combined use of access control and cryptography was proposed by many researchers to protect sensitive information in this outsourcing scenario. However, the rigid combination in existing approaches has difficulty in satisfying the flexibility requirement of access control for diverse applications. In this paper, we propose an access control service for public cloud storage, where authorization is controlled by the data owner, and the PDP (Policy Decision Point) and PEP (Policy Enforcement Point) can be securely delegated. In order to implement the service, an attribute-full proxy re-encryption scheme is presented as its corner stone. The other features of our service are as follows: simple key management without the need of key derivation for users to decrypt cipher texts, composing attributes for accessing resources with subject attributes' having inner structures, and authorization relatively separating from encryption. We also give some proofs and analysis of our implementation.

  • ICDCS Workshops - access control as a service for Public Cloud Storage
    2012 32nd International Conference on Distributed Computing Systems Workshops, 2012
    Co-Authors: Yang Zhang, Junliang Chen

Cees De Laat - One of the best experts on this subject based on the ideXlab platform.

  • policy and context management in dynamically provisioned access control service for virtualized cloud infrastructures
    Availability Reliability and Security, 2012
    Co-Authors: Canh Ngo, Peter Membrey, Yuri Demchenko, Cees De Laat
    Abstract:

    Cloud computing is developing as a new wave of ICT technologies, offering a common approach to on-demand provisioning of computation, storage and network resources which are generally referred to as infrastructure services. Most of currently available commercial Cloud services are built and organized reflecting simple relations between a single provider and multiple customers with simple security and trust model. New architectural models should allow multi-provider heterogeneous service environment that can be delivered to organizational customers representing multiple user groups. These models should be supported by new security approaches for multi-provider, multi-tenant environment crossing multiple security domains to create consistent and dynamically configurable security services for virtualized infrastructures. This paper proposes an on-demand provisioned access control infrastructure with dynamic trust establishment for entities in a Cloud IaaS architecture model. It applies XACML-based RBAC model for the flexible authorization policy configuration and management. It uses authorization ticket as a security session management mechanism to solve the security context synchronization and exchange between multiple Cloud providers. The paper describes practical implementation of the proposed Dynamic access control Infrastructure as the part of a complex infrastructure services provisioning system.

  • ARES - Policy and Context Management in Dynamically Provisioned access control service for Virtualized Cloud Infrastructures
    2012 Seventh International Conference on Availability Reliability and Security, 2012
    Co-Authors: Canh Ngo, Peter Membrey, Yuri Demchenko, Cees De Laat

Pawel Szalachowski - One of the best experts on this subject based on the ideXlab platform.

  • SMACS: Smart Contract access control service
    arXiv: Cryptography and Security, 2020
    Co-Authors: Bowen Liu, Siwei Sun, Pawel Szalachowski
    Abstract:

    Although blockchain-based smart contracts promise a "trustless" way of enforcing agreements even with monetary consequences, they suffer from multiple security issues. Many of these issues could be mitigated via an effective access control system, however, its realization is challenging due to the properties of current blockchain platforms (like lack of privacy, costly on-chain resources, or latency). To address this problem, we propose the SMACS framework, where updatable and sophisticated access control Rules (ACRs) for smart contracts can be realized with low cost. SMACS shifts the burden of expensive ACRs validation and management operations to an off-chain infrastructure, while implementing on-chain only lightweight token-based access control. SMACS is flexible and in addition to simple access control lists can easily implement rules enhancing the runtime security of smart contracts. With dedicated ACRs backed by vulnerability-detection tools, SMACS can protect vulnerable contracts after deployment. We fully implement SMACS and evaluate it.

  • DSN - SMACS: Smart Contract access control service
    2020 50th Annual IEEE IFIP International Conference on Dependable Systems and Networks (DSN), 2020
    Co-Authors: Bowen Liu, Siwei Sun, Pawel Szalachowski

Canh Ngo - One of the best experts on this subject based on the ideXlab platform.

  • policy and context management in dynamically provisioned access control service for virtualized cloud infrastructures
    Availability Reliability and Security, 2012
    Co-Authors: Canh Ngo, Peter Membrey, Yuri Demchenko, Cees De Laat
    Abstract:

    Cloud computing is developing as a new wave of ICT technologies, offering a common approach to on-demand provisioning of computation, storage and network resources which are generally referred to as infrastructure services. Most of currently available commercial Cloud services are built and organized reflecting simple relations between a single provider and multiple customers with simple security and trust model. New architectural models should allow multi-provider heterogeneous service environment that can be delivered to organizational customers representing multiple user groups. These models should be supported by new security approaches for multi-provider, multi-tenant environment crossing multiple security domains to create consistent and dynamically configurable security services for virtualized infrastructures. This paper proposes an on-demand provisioned access control infrastructure with dynamic trust establishment for entities in a Cloud IaaS architecture model. It applies XACML-based RBAC model for the flexible authorization policy configuration and management. It uses authorization ticket as a security session management mechanism to solve the security context synchronization and exchange between multiple Cloud providers. The paper describes practical implementation of the proposed Dynamic access control Infrastructure as the part of a complex infrastructure services provisioning system.

  • ARES - Policy and Context Management in Dynamically Provisioned access control service for Virtualized Cloud Infrastructures
    2012 Seventh International Conference on Availability Reliability and Security, 2012
    Co-Authors: Canh Ngo, Peter Membrey, Yuri Demchenko, Cees De Laat