基于欧拉图的授权扩散拓扑构建与授权撤销

在分散式自主授权模式中,接受授权的用户可以将转授给他的权限再次转授给其他人,经过多步转授的权限扩散与不完全的委托撤销可能导致隐性授权冲突.在以往的授权模型中,模型设计的重点在于如何授权,而对于授权撤销考虑甚少.由于转授权路径生成的随意性,增加了遍历路径完成授权回收的难度.针对授权路径的生成和转授权回收进行研究,引入欧拉图对授权路径构建进行约束,在此基础上给出了授权路径构建算法与转授权路径遍历回收方法,通过有目的的授权路径构建,简化转授权路径遍历过程,解决转授权路径遍历不完全导致的授权撤销不完整问题,防止权限扩散并消除隐性授权冲突.     

Design and implementation of a public key-based group collaboration system

We present PubKey-Wiki, a public key-based wiki group collaboration system. PubKey-Wiki allows users to authenticate themselves using public-key cryptography and gain authorizations using digital certificates. By using public key-based user authentication, users’ passwords are not sent across the network and are not stored on the web server’s host machine. Using digital certificates to authorize users to access protected files facilitates delegation of authority and simpler access control list (ACL) management, and allows the ability of a user to pass authorizations onto other users without needing to connect to the wiki’s server. The paper introduces a new approach to revocation in which revocation of certificates and revocation of public keys are handled separately and take effect immediately.The paper also introduces an algorithm, CertClosure, that computes the transitive closure of a set of certificates that contain authorization information. When a user adds or removes a certificate from his certificate directory in PubKey-Wiki, PubKey-Wiki uses the CertClosure algorithm to derive authorization rules. PubKey-Wiki stores these authorization rules in a lookup table where they can be easily referenced. When a user tries to access a protected file, PubKey-Wiki looks up and uses the relevant authorization rules to efficiently make an access control decision.     

AAnA: Anonymous authentication and authorization based on short traceable signatures

Due to the privacy concerns prevailing in today’s computing environments, users are more likely to require anonymity or at least pseudonyms; on the other hand, they must be traceable or revokable in case of abuse. Meanwhile, an authorization mechanism that controls access rights of users to services or resources is frequently needed in various real-world applications but does not favor anonymity. To cope with these problems, we explore an anonymous authentication and authorization method that very efficiently supports fine-grained authorization services without losing strong but traceable anonymity. The efficiency of our method comes from atomizing authorization within a group and issuing multiple authorization values for a group membership. The cryptographic basis of our method is the famous short traceable signature scheme. Our method allows a user to selectively disclose authorization according to need and also provides revocation and update of authorization without revoking membership or anonymity. To prevent users from forging authorization, our method enables the users to prove their authorizations while hiding the corresponding authorization values from other users. We formally analyze security and compare the related methods in terms of efficiency and functionality. We show that our method is secure against misidentification, anonymity-break and framing attacks and is efficient within a reasonable bound while still providing various functionalities such as fine-grained authorization and authorization revocation, commonly required in many practical applications.     

安全操作系统授权撤销机制的研究

Revoking operation is a very important component of access control. The lack of effective revoking operation impinges on supporting dynamic security policies in secure operation system. Analyzing authorization system,this paper presents a revoke policy which supports cascade and noncascade revocation. The policy adopts Hash authorization list and critical-based callback function to implement revocation of point to point and point to plane. Our experiments in security kernel show the mechanism is feasible ,which provides the basis of further researching dynamic security policies in secure operation system.     

A HIPAA-compliant key management scheme with revocation of authorization

Patient control over electronic protected health information (ePHI) is one of the major concerns in the Health Insurance and Accountability Act (HIPAA). In this paper, a new key management scheme is proposed to facilitate control by providing two functionalities. First, a patient can authorize more than one healthcare institute within a designated time period to access his or her ePHIs. Second, a patient can revoke authorization and add new authorized institutes at any time as necessary. In the design, it is not required to re-encrypt ePHIs for adding and revoking authorizations, and the implementation is time- and cost-efficient. Consent exception is also considered by the proposed scheme.     

Generic user revocation systems for attribute-based encryption in cloud storage

Cloud-based storage is a service model for businesses and individual users that involves paid or free storage resources. This service model enables on-demand storage capacity and management to users anywhere via the Internet. Because most cloud storage is provided by third-party service providers, the trust required for the cloud storage providers and the shared multi-tenant environment present special challenges for data protection and access control. Attribute-based encryption (ABE) not only protects data secrecy, but also has ciphertexts or decryption keys associated with fine-grained access policies that are automatically enforced during the decryption process. This enforcement puts data access under control at each data item level. However, ABE schemes have practical limitations on dynamic user revocation. In this paper, we propose two generic user revocation systems for ABE with user privacy protection, user revocation via ciphertext re-encryption (UR-CRE) and user revocation via cloud storage providers (UR-CSP), which work with any type of ABE scheme to dynamically revoke users.     

基于域的主动代码定位和撤销机制

主动网络的可编程特性在为网络提供了快速部署新协议和安装新服务能力的同时也带来了新的安全隐患,主动代码的定位和撤销就是其中的一个关键问题。该文提出了一种基于域的主动代码的定位和撤销机制,该机制不仅消耗资源少,响应时间快,而且还使用了认证和授权策略来保证节点的安全性。     

一个基于视图的数据访问模型

多用户共享一个数据库必然存在一些安全隐患,须加以特定的控制措施以防止非法访问。提出一个基于视图的数据访问模型(VBAC),根据用户名创建与之联系的视图(视图成为该用户访问属于他的数据的惟一窗口),回收所有用户的权限,并将视图的访问权限授予给与之对应的用户,当一个用户登录系统,将他与对应的视图绑定起来,用户的数据访问通过视图间接完成,一旦回收视图的授权,与之对应的用户将不能对数据库进行任何存取。通过授权的数据视图,将用户对数据的操纵限定在特定的行和列,在用户和数据库之间建立信息安全防火墙。在Microsoft SQL Server 2000下测试了该模型的有效性。     

Minimal Information Disclosure in a Centralized Authorization System

We propose a centralized authorization system, in which user authorizations cannot be retrieved in a computationally feasible way without cooperation of user, authorization server and end-servers. A certain level of anonymity is also guaranteed to the users. The security of the protocol is based on standard cryptographic assumptions. We show that the complexity of the protocol compares to that of the SSL handshake protocol.     

Authorization Translation for XML Document Transformation

XML access control models proposed in the literature enforce access restrictions directly on the structure and content of an XML document. Therefore access authorization rules (authorizations, for short), which specify access rights of users on information within an XML document, must be revised if they do not match with changed structure of the XML document. In this paper, we present two authorization translation problems. The first is a problem of translating instance-level authorizations for an XML document. The second is a problem of translating schema-level authorizations for a collection of XML documents conforming to a DTD. For the first problem, we propose an algorithm that translates instance-level authorizations of a source XML document into those for a transformed XML document by using instance-tree mapping from the transformed document instance to the source document instance. For the second problem, we propose an algorithm that translates value-independent schema-level authorizations of non-recursive source DTD into those for a non-recursive target DTD by using schema-tree mapping from the target DTD to the source DTD. The goal of authorization translation is to preserve authorization equivalence at instance node level of the source document. The XML access control models use path expressions of XPath to locate data in XML documents. We define property of the path expressions (called node-reducible path expressions) that we can transform schema-level authorizations of value-independent type by schema-tree mapping. To compute authorizations on instances of schema elements of the target DTD, we need to identify the schema elements whose instances are located by a node-reducible path expression of a value-independent schema-level authorization. We give an algorithm that carries out path fragment containment test to identify the schema elements whose instances are located by a node-reducible path expression.     

Dynamic role authorization in multiparty conversations

Protocols in distributed settings usually rely on the interaction of several parties and often identify the roles involved in communications. Roles may have a behavioral interpretation, as they do not necessarily correspond to sites or physical devices. Notions of role authorization thus become necessary to consider settings in which, e.g., different sites may be authorized to act on behalf of a single role, or in which one site may be authorized to act on behalf of different roles. This flexibility must be equipped with ways of controlling the roles that the different parties are authorized to represent, including the challenging case in which role authorizations are determined only at runtime. We present a typed framework for the analysis of multiparty interaction with dynamic role authorization and delegation. Building on previous work on conversation types with role assignment, our formal model is based on an extension of the \({\pi}\)-calculus in which the basic resources are pairs channel-role, which denote the access right of interacting along a given channel representing the given role. To specify dynamic authorization control, our process model includes (1) a novel scoping construct for authorization domains, and (2) communication primitives for authorizations, which allow to pass around authorizations to act on a given channel. An authorization error then corresponds to an action involving a channel and a role not enclosed by an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, including when parties dynamically acquire authorizations.     

A temporal access control mechanism for database systems

The paper presents a discretionary access control model in which authorizations contain temporal intervals of validity. An authorization is automatically revoked when the associated temporal interval expires. The proposed model provides rules for the automatic derivation of new authorizations from those explicitly specified. Both positive and negative authorizations are supported. A formal definition of those concepts is presented, together with the semantic interpretation of authorizations and derivation rules as clauses of a general logic program. Issues deriving from the presence of negative authorizations are discussed. We also allow negation in rules: it is possible to derive new authorizations on the basis of the absence of other authorizations. The presence of this type of rule may lead to the generation of different sets of authorizations, depending on the evaluation order. An approach is presented, based on establishing an ordering among authorizations and derivation rules, which guarantees a unique set of valid authorizations. Moreover, we give an algorithm detecting whether such an ordering can be established for a given set of authorizations and rules. Administrative operations for adding, removing, or modifying authorizations and derivation rules are presented and efficiency issues related to these operations are also tackled in the paper. A materialization approach is proposed, allowing to efficiently perform access control     

Key updating technique in identity-based encryption

Key revocation is critical for the practicality of any public key cryptosystem and identity-based encryption (IBE) system. When a user’s private key is compromised, it is important for him/her to revoke his/her key. Up to now, little work has been published on key revocation in IBE systems. We propose a low-complexity key update technique to solve the revocation problem in an IBE system in which any revoked user is able to re-join the system without changing his or her identity or re-setup the system.     

支持撤销属性的CP-ABE密钥更新方法

在现有云存储的密文策略属性加密方案（CP-ABE）中,大多只考虑用户的计算开销,而忽略了属性授权中心在更新密钥的时候所消耗的大量计算资源。针对该问题提出了一种基于CP-ABE的支持细粒度属性撤销的密钥更新方法。首先属性授权中心创建用户撤销列表以及属性密钥撤销列表,然后利用区块链公开、安全、可验证等相关特性来存储撤销列表等数据。最后系统根据这些数据在用户请求密文时更新其属性密钥,即将密钥频繁变更转为按需单次变更从而减少属性授权中心在一定时间段内大量的计算。同时,通过引入可验证外包的方法确保用户解密的正确性以及低廉的开销。理论分析验证了方案的安全性以及密文加解密的高效性,并通过仿真实验与其他方案比较验证了方案在单次系统属性撤销方面也具备着高效的性能。     

XML文档存取控制研究

提出了一种基于授权树的XML存取控制标记算法,通过①避免在每个XML结点上进行授权匹配;②避免在每个结点上进行授权冲突解决;③避免标记每个结点,有效地改善了处理性能,另外,提出了一种灵活的、用户可配置的授权冲突解决模式,并且将这种解决模式自然地集成到授权树算法之中。     

A content-based authorization model for digital libraries

Digital libraries (DLs) introduce several challenging requirements with respect to the formulation, specification and enforcement of adequate data protection policies. Unlike conventional database environments, a DL environment is typically characterized by a dynamic user population, often making accesses from remote locations, and by an extraordinarily large amount of multimedia information, stored in a variety of formats. Moreover, in a DL environment, access policies are often specified based on user qualifications and characteristics, rather than on user identity (e.g. a user can be given access to an R-rated video only if he/ she is more than 18 years old). Another crucial requirement is the support for content-dependent authorizations on digital library objects (e.g. all documents containing discussions on how to operate guns must be made available only to users who are 18 or older). Since traditional authorization models do not adequately meet the access control requirements typical of DLs, we propose a content-based authorization model that is suitable for a DL environment. Specifically, the most innovative features of our authorization model are: (1) flexible specification of authorizations based on the qualifications and (positive and negative) characteristics of users, (2) both content-dependent and content-independent access control to digital library objects, and (3) the varying granularity of authorization objects ranging from sets of library objects to specific portions of objects     

一个适应性安全的支持用户私钥撤销的KP-ABE方案

用户私钥撤销是基于属性的加密(Attribute Based Encryption,ABE)方案在实际应用中所必需解决的问题.现有的支持用户私钥撤销的ABE方案通过引入用户身份的概念,以撤销用户身份的方式实现了对用户私钥的撤销,但其安全性只能达到选择性安全.本文借鉴已有方案的思想,通过将Lewko等人提出的适应性安全ABE方案与Leyou Zhang提出的适应性安全基于身份的组播加密方案相结合,利用双系统加密技术,在合数阶双线性群上实现了一个适应性安全的支持对用户私钥进行撤销的KP-ABE方案.     

支持授权的基于角色的访问控制模型及实现

现有的基于角色的访问控制模型多采用集中授权管理方式,不能满足大型复杂协作系统的需求．文中对RBAC96模型进行扩展,形成了支持授权的基于角色的访问控制模型．该模型引入角色语境作为自主授权活动的依据,通过语境部件授权极限值、授权域、授权类型以及撤销类型的定义,以支持灵活的自主授权活动,并支持多步授权,允许安全管理员对系统进行宏观安全控制．对该模型的基本部件和规范进行了描述,并且给出授权活动的实现算法和应用实例．     

基于仲裁的SM9标识加密算法

SM9-IBE是我国于2016年发布的标识加密算法行业标准.标识加密算法以用户的标识(如邮件地址、身份证号等)作为公钥,从而降低系统管理用户密钥的复杂性.然而,标识加密算法的密钥撤销和更新问题却变得更加困难.此外,SM9算法的结构特殊使得已有技术无法完全适用于该算法.为此,本文提出一种基于仲裁的SM9标识加密算法,可快...