On the need for user-defined fine-grained access control policies for social networking applications

When large images are used for big data analysis, they impose new challenges in protecting image privacy. For example, a geographic image may consist of several sensitive areas or layers. When it is uploaded into servers, the image will be accessed by diverse subjects. Traditional access control methods regulate access privileges to a single image, and their access control strategies are stored in servers, which imposes two shortcomings: (1) fine-grained access control is not guaranteed for areas/layers in a single image that need to maintain secret for different roles; and (2) access control policies that are stored in servers suffers from multiple attacks (e.g., transferring attacks). In this paper, we propose a novel watermark-based access control model in which access control policies are associated with objects being accessed (called an in-situ model). The proposed model integrates access control policies as watermarks within images, without relying on the availability of servers or connecting networks. The access control for images is still maintained even though images are redistributed again to further subjects. Therefore, access control policies can be delivered together with the big data of images. Moreover, we propose a hierarchical key-role-area model for fine-grained encryption, especially for large size images such as geographic maps. The extensive analysis justifies the security and performance of the proposed model

Download Full-text

A type system for Discretionary Access Control

Mathematical Structures in Computer Science ◽

10.1017/s0960129509007762 ◽

2009 ◽

Vol 19 (4) ◽

pp. 839-875 ◽

Cited By ~ 4

Author(s):

MICHELE BUGLIESI ◽

DARIO COLAZZO ◽

SILVIA CRAFA ◽

DAMIANO MACEDONIO

Keyword(s):

Access Control ◽

Type System ◽

Expressive Power ◽

List Type ◽

Control Policies ◽

Discretionary Access Control ◽

Selective Distribution ◽

Fine Grained ◽

Access Control Policies ◽

Pi Calculus

Discretionary Access Control (DAC) systems provide powerful resource management mechanisms based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for a process calculus that extends Cardelli, Ghelli and Gordon's pi-calculus with groups (Cardelliet al. 2005). In our theory, groups play the role of principals and form the unit of abstraction for our access control policies, and types allow the specification of fine-grained access control policies to govern the transmission of names, bound the (iterated) re-transmission of capabilities and predicate their use on the inability to pass them to third parties. The type system relies on subtyping to achieve a selective distribution of capabilities to the groups that control the communication channels. We show that the typing and subtyping relationships of the calculus are decidable. We also prove a type safety result, showing that in well-typed processes all names:(i)flow according to the access control policies specified by their types; and(ii)are received at the intended sites with the intended capabilities.We illustrate the expressive power and the flexibility of the typing system using several examples.

Download Full-text