The Experts below are selected from a list of 144330 Experts worldwide ranked by ideXlab platform
Wenjing Lou - One of the best experts on this subject based on the ideXlab platform.
-
fine grained Access Control System based on outsourced attribute based encryption
European Symposium on Research in Computer Security, 2013Co-Authors: Xiaofeng Chen, Chunfu Jia, Wenjing LouAbstract:As cloud computing becomes prevalent, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for outsourced data security and privacy. Attribute-based encryption (ABE) is a promising cryptographic primitive, which has been widely applied to design fine-grained Access Control System recently. However, ABE is being criticized for its high scheme overhead as the computational cost grows with the complexity of the Access formula. This disadvantage becomes more serious for mobile devices because they have constrained computing resources.
Jianan Hong - One of the best experts on this subject based on the ideXlab platform.
-
tmacs a robust and verifiable threshold multi authority Access Control System in public cloud storage
IEEE Transactions on Parallel and Distributed Systems, 2016Co-Authors: Wei Li, Jianan HongAbstract:Attribute-based Encryption (ABE) is regarded as a promising cryptographic conducting tool to guarantee data owners’ direct Control over their data in public cloud storage. The earlier ABE schemes involve only one authority to maintain the whole attribute set, which can bring a single-point bottleneck on both security and performance. Subsequently, some multi-authority schemes are proposed, in which multiple authorities separately maintain disjoint attribute subsets. However, the single-point bottleneck problem remains unsolved. In this paper, from another perspective, we conduct a threshold multi-authority CP-ABE Access Control scheme for public cloud storage, named TMACS, in which multiple authorities jointly manage a uniform attribute set. In TMACS, taking advantage of ( $t,n$ ) threshold secret sharing, the master key can be shared among multiple authorities, and a legal user can generate his/her secret key by interacting with any $t$ authorities. Security and performance analysis results show that TMACS is not only verifiable secure when less than $t$ authorities are compromised, but also robust when no less than $t$ authorities are alive in the System. Furthermore, by efficiently combining the traditional multi-authority scheme with TMACS, we construct a hybrid one, which satisfies the scenario of attributes coming from different authorities as well as achieving security and System-level robustness.
-
tmacs a robust and verifiable threshold multi authority Access Control System in public cloud storage
IEEE Transactions on Parallel and Distributed Systems, 2016Co-Authors: Kaiping Xue, Yingjie Xue, Jianan HongAbstract:Attribute-based Encryption (ABE) is regarded as a promising cryptographic conducting tool to guarantee data owners’ direct Control over their data in public cloud storage. The earlier ABE schemes involve only one authority to maintain the whole attribute set, which can bring a single-point bottleneck on both security and performance. Subsequently, some multi-authority schemes are proposed, in which multiple authorities separately maintain disjoint attribute subsets. However, the single-point bottleneck problem remains unsolved. In this paper, from another perspective, we conduct a threshold multi-authority CP-ABE Access Control scheme for public cloud storage, named TMACS, in which multiple authorities jointly manage a uniform attribute set. In TMACS, taking advantage of ( $t,n$ ) threshold secret sharing, the master key can be shared among multiple authorities, and a legal user can generate his/her secret key by interacting with any $t$ authorities. Security and performance analysis results show that TMACS is not only verifiable secure when less than $t$ authorities are compromised, but also robust when no less than $t$ authorities are alive in the System. Furthermore, by efficiently combining the traditional multi-authority scheme with TMACS, we construct a hybrid one, which satisfies the scenario of attributes coming from different authorities as well as achieving security and System-level robustness.
Gregorio Martinezperez - One of the best experts on this subject based on the ideXlab platform.
-
dynamic counter measures for risk based Access Control Systems
Future Generation Computer Systems, 2016Co-Authors: Daniel Diazlopez, Gines Doleratormo, Felix Gomezmarmol, Gregorio MartinezperezAbstract:Risk-based Access Control Systems are a new element in Access Control categories, incorporating risk analysis as part of the inputs to consider when taking an authorization decision. A risk analysis over a resource leads generally to temporal allocation of the resource in a risk level (e.g.?high, medium, low). Ideally, for each risk level and kind of resource, the Access Control System should take an authorization decision (expressed like a permit or deny) and the System administrator should also trigger specific counter-measures to protect resources according to their risk level. In a small Access Control System with few resources it is possible for an administrator to follow the risk level changes and react promptly with counter-measures; but in medium/large Access Control Systems it is almost unfeasible to react in a customized way to thousands of risk level emergencies asking for attention. In this paper we propose the adoption of dynamic counter-measures (which can be integrated within Access Control policies) changing along time to face variations in the risk level of every resource, bringing two main benefits, namely: (i) a suitable resource protection according to the risk level (not under or over estimated) and (ii) an Access Control System granting/denying Access depending on the fulfillment of a set of security Controls applicable in an authorization Access request. To define the most appropriate set of counter-measures applicable for a specific situation we define a method based on genetic algorithms, which allows to find a solution in a reasonable time frame satisfying different required conditions. Finally, the conducted experiments show the applicability of our proposal in a real scenario. Finding of best sets of counter-measures to protect resources.Dynamic countermeasures to face variations in the Risk Level ( R L ) .Access depending on the fulfillment of a set of specific security Controls.Method based on genetic algorithms with applicability in a real scenario.Resource protection according to the risk level (not under or overestimated).
Xiaofeng Chen - One of the best experts on this subject based on the ideXlab platform.
-
fine grained Access Control System based on outsourced attribute based encryption
European Symposium on Research in Computer Security, 2013Co-Authors: Xiaofeng Chen, Chunfu Jia, Wenjing LouAbstract:As cloud computing becomes prevalent, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for outsourced data security and privacy. Attribute-based encryption (ABE) is a promising cryptographic primitive, which has been widely applied to design fine-grained Access Control System recently. However, ABE is being criticized for its high scheme overhead as the computational cost grows with the complexity of the Access formula. This disadvantage becomes more serious for mobile devices because they have constrained computing resources.
Hartmut Lehmler - One of the best experts on this subject based on the ideXlab platform.
-
protecting confidentiality against trojan horse programs in discretionary Access Control System
Australasian Conference on Information Security and Privacy, 2000Co-Authors: Adrian Spalka, Armin B Cremers, Hartmut LehmlerAbstract:Mandatory Access Control Systems (MAC ) are often criticised for their lack of flexibility, but they protect a System’s confidentiality from a wide range of untrustworthy Trojan Horse programs. On the other hand, discretionary Access Control Systems (DAC ) place no restriction on flexibility. But, at present, they are generally regarded as inherently defenceless against all kinds of untrustworthy programs. We believe that this trade-off is not unavoidable. We show that, for lack of distinction between a user’s and a program’s trustworthiness, the vulnerability of DAC is design-based. On these grounds we present a modified (DAC ). The central idea is the separation of the management of rights from other activities of a user. The resulting System offers the flexibility of (DAC ) and the protection of (MAC ).
