Privacy-preserving policy evaluation in multi-party access control

2021, pp. 1-38
Authors: Mina Sheikhalishahi, Ischa Stork, Nicola Zannone

Recent years have seen an increasing popularity of online collaborative systems like social networks and web-based collaboration platforms. Collaborative systems typically offer their users a digital environment in which they can work together and share resources and information. These resources and information might be sensitive and, thus, they should be protected from unauthorized accesses. Multi-party access control is emerging as a new paradigm for the protection of co-owned and co-managed resources, where the policies of all users involved in the management of a resource should be accounted for in collaborative decision making. Existing approaches, however, only focus on the joint protection of resources and do not address the protection of the individual user policies themselves, whose disclosure might leak sensitive information. In this work, we propose a privacy-preserving mechanism for the evaluation of multi-party access control policies, which preserves the confidentiality of user policies while remaining capable of making collaborative decisions. To this end, we design secure computation protocols for the evaluation of policies in protected form against an access query and realize such protocols using two privacy-preserving techniques, namely Homomorphic Encryption and Secure Functional Evaluation. We show the practical feasibility of our mechanism in terms of computation and communication costs through an experimental evaluation.

Information, 2019, Vol 10 (3), pp. 119
Authors: Mahboob Qaosar, Asif Zaman, Md. Siddique, Annisa, Yasuhiko Morimoto

Selecting representative objects from a large-scale database is an essential task to understand the database. A skyline query is one of the popular methods for selecting representative objects. It retrieves a set of non-dominated objects. In this paper, we consider a distributed algorithm for computing skyline, which is efficient enough to handle “big data”. We have noticed the importance of “big data” and want to use it. On the other hand, we must take care of its privacy. In conventional distributed algorithms for computing a skyline query, we must disclose the sensitive values of each object of a private database to another party for comparison. Therefore, the privacy of the objects is not preserved. However, such disclosures of sensitive information in conventional distributed database systems are not allowed in the modern privacy-aware computing environment. Recently, several privacy-preserving skyline computation frameworks have been introduced. However, most of them use computationally expensive secure comparison protocols for comparing homomorphically encrypted data. In this work, we propose a novel and efficient approach for computing the skyline in a secure multi-party computing environment without disclosing the individual attribute values of the objects. We use a secure multi-party sorting protocol that uses homomorphic encryption in the semi-honest adversary model for transforming each attribute value of the objects without changing their order on each attribute. To compute the skyline, we use the order of the objects on each attribute for comparing the dominance relationship among the objects. The security analysis confirms that the proposed framework can achieve multi-party skyline computation without leaking the sensitive attribute values to others. Besides that, our experimental results also validate the effectiveness and scalability of the proposed privacy-preserving skyline computation framework.


Authors: Sandeep Lakaraju, Dianxiang Xu, Yong Wang

Healthcare information systems deal with sensitive data across complex workflows. They often allow various stakeholders from different environments to access data across organizational boundaries. This elevates the risk of exposing sensitive healthcare information to unauthorized personnel, making ‘controlling access to resources' a major concern. To prevent unwanted access to sensitive information, healthcare organizations need to adopt effective workflows and access control mechanisms. Many healthcare organizations are not yet considering, or do not know how to accommodate, the ‘context' element as a crucial element in their workflows and access control policies. The authors envision the future of healthcare where ‘context' will be considered a crucial element. They can accommodate context through a new element, ‘environment', in workflows, and can accommodate context in policies through the well-known attribute-based access control (ABAC) mechanism. This research mainly addresses these problems by proposing a model to integrate workflows and access control policies, thereby identifying workflow activities that are not being protected by access control policies and improving the workflow activities and/or existing access control policies using SARE (Subject, Action, Resource, and Environment) elements.


Energies, 2020, Vol 13 (12), pp. 3221
Authors: Xiao-Yu Zhang, Stefanie Kuenzel, José-Rodrigo Córdoba-Pachón, Chris Watkins

While smart meters can provide households with more autonomy regarding their energy consumption, they can also be a significant intrusion into the household’s privacy. There is abundant research implementing protection methods for different aspects (e.g., noise-adding and data aggregation, data down-sampling); while the private data are protected as sensitive information is hidden, some of the compulsory functions such as Time-of-Use (TOU) billing or value-added services are sacrificed. Moreover, some methods, such as rechargeable batteries and homomorphic encryption, require an expensive energy storage system or a central processor with high computation ability, which is unrealistic for mass roll-out. In this paper, we propose a privacy-preserving smart metering system which is a combination of existing data aggregation and data down-sampling mechanisms. The system takes an angle based on the ethical concerns about privacy and implements a hybrid privacy-utility trade-off strategy, without sacrificing functionality. In the proposed system, the smart meter plays the role of assistant processor rather than information sender/receiver, and it enables three communication channels to transmit data at different temporal resolutions to protect privacy and allow freedom of choice: high-frequency feed-level/substation-level data are adopted for grid operation and management purposes, low-frequency household-level data are used for billing, and a privacy-preserving value-added service channel provides third-party (TP) services. At the end of the paper, the privacy performance is evaluated to examine whether the proposed system satisfies the privacy and functionality requirements.


Privacy has become an imperative term in recent technology developments. Lots of data are being collected through every digital activity of users. The expeditious development of IoT applications has raised concern about the privacy of IoT systems. The data collected via IoT sensors can reveal the daily behavior of the users, their location, and other sensitive information. Hence, it is necessary to preserve the privacy of data collected by IoT devices. A large number of techniques and approaches have been implemented and used in different IoT-based applications such as cloud computing based IoT, fog computing based IoT, blockchain based IoT and trajectory applications. In this paper, we present a detailed investigation of the existing approaches to preserve the privacy of data in IoT applications. Techniques like k-anonymity, secure multiparty computation, attribute-based encryption and homomorphic encryption are analyzed. Finally, a comparative analysis of privacy-preserving techniques and their applications is presented.


2020, pp. 1378-1400
Authors: Sandeep Lakaraju, Dianxiang Xu, Yong Wang

Healthcare information systems deal with sensitive data across complex workflows. They often allow various stakeholders from different environments to access data across organizational boundaries. This elevates the risk of exposing sensitive healthcare information to unauthorized personnel, making ‘controlling access to resources' a major concern. To prevent unwanted access to sensitive information, healthcare organizations need to adopt effective workflows and access control mechanisms. Many healthcare organizations are not yet considering, or do not know how to accommodate, the ‘context' element as a crucial element in their workflows and access control policies. The authors envision the future of healthcare where ‘context' will be considered a crucial element. They can accommodate context through a new element, ‘environment', in workflows, and can accommodate context in policies through the well-known attribute-based access control (ABAC) mechanism. This research mainly addresses these problems by proposing a model to integrate workflows and access control policies, thereby identifying workflow activities that are not being protected by access control policies and improving the workflow activities and/or existing access control policies using SARE (Subject, Action, Resource, and Environment) elements.


Authors: Jian Li, William K. Cheung

Semantic Web technologies allow on-line resources to be semantically annotated to support more effective and intelligent online services. However, ontologies sometimes may contain sensitive information. Providing access to them requires proper control to ensure the data protection requirement. Yet, the protection should not be so restrictive as to make the access management inflexible. While there has been recent work on policy-based access control, in this paper the authors present a policy representation specifically for access control on ontology-based data and explain how issues like policy propagation and policy conflict resolution are addressed. The authors present bucket-based query rewriting algorithms for realizing the access control policies to avoid sensitive resource leakage in the context of the Semantic Web. The authors validate the correctness of the proposed mechanisms by going through some illustrative examples in detail.


Authors: Timon C. Du, Richard Hwang, Charles Ling-yu Chou

Given the rapid changes in information technologies, the issue of information security and companies’ internal controls has become very critical to both internal and external auditors. Recently, external auditors have been under pressure to provide real-time assurance. This movement has complicated the question of when and how to grant access privileges to external auditors. In addition, when there is a high degree of collaborative relationship among organizations, the collaborators need to establish policies for auditors’ access controls and set up conditions and constraints for security and confidentiality reasons. Since auditors among the collaborators have different seniority, access privileges should be granted based on the seniority of the auditors in the collaborative team. At the same time, the growth of Web services has become a new paradigm for providing collaborative auditing services via the Web. The access control issue is a crucial issue for future collaboration. In this study, we propose a role-based Chinese Wall model, which organizes the corporate data into four different types of control groups with different access control policies, for auditors to access the data among collaborating enterprises. Using the vendor-managed inventories (VMI) example, the study discusses how auditing tasks can be performed under the proposed access control environment. To ensure the functionality of the proposed framework, the study uses Oracle software to demonstrate the feasibility of the model.


Authors: Suganthy. A, T. Chithralekha

Security is a major concern in today’s digital world. Role-based access control provides a mechanism for protecting the digital information in an organization by assigning roles to individual users and giving permissions to the assigned roles for accessing resources. This paper describes the importance of roles in an organization and the evolutionary changes that occur with respect to organizational roles. Here the role is defined as an entity, and the attributes of roles have been identified with their related operations. The evolutionary changes that happen to the roles in an organization are identified, and evolutionary algorithms have been proposed to handle these changes, which helps in simplifying the formulation of access control policies.



2021
Authors: Hongliang Tian, Xiaonan Ge, Jiayue Wang, Chenxi Li

With the dramatically increasing deployment of intelligent devices, the Internet of Things (IoT) has attracted more attention and developed rapidly. It effectively collects and shares data from the surrounding environment to achieve better IoT services. For data sharing, the publish-subscribe (PS) paradigm provides a loosely-coupled and scalable communication model. However, due to its loosely-coupled nature, it is vulnerable to many attacks, resulting in security threats to the IoT system, and it does not itself provide basic security mechanisms such as authentication and confidentiality to ensure data security. Thus, in order to protect the system security and users’ privacy, this paper presents a secure blockchain-based privacy-preserving access control scheme for PS systems, which adopts fully homomorphic encryption (FHE) to ensure the confidentiality of the publishing events, and leverages the ledger to store the large volume of data events and access cross-domain information. Finally, we analyze the correctness and security of our scheme. Moreover, we deploy our proposed prototype system on two computers and evaluate its performance. The experimental results show that our PS system can efficiently achieve an equilibrium between the system cost and the security requirement.
