A Role-Based Access Control System Using Attribute-Based Encryption

摘要

Applications and services such as cloud storage and data sharing cause data owners to fail to control data access. In such open environment, the third-party service providers become the executor, which means traditional centralized access control becomes untrustworthy. The mainstream role-based access control is insufficient in the open environment, while the cryptography-based access control implementation relies heavily on key distribution, so we designed and implemented a role-based access control system based on attribute encryption. The user role assignment and the role permission assignment process are implemented through attribute-based encryption, so that the access decision is no longer dependent on specific policy decision points, ensuring the reliable enforcement of access policies. Meanwhile, our approach adds attributes to the role-based access control model, implements attribute-based user role assignments and role permission assignments, which makes the access control process more flexible. The validation verification and performance testing of a prototype prove the feasibility of our scheme.