【24h】

Cryptographic Attribute-Based Access Control (ABAC) for Secure Decision Making of Dynamic Policy With Multiauthority Attribute Tokens

机译:基于密码属性的访问控制(ABAC),用于具有多权限属性令牌的动态策略的安全决策

获取原文
获取原文并翻译 | 示例

摘要

This article aims to establish a cryptographic solution to improve security and reliability of the National Institute of Standards and Technologys attribute-based access control (ABAC) model. By breaking down the existing structure of attribute-based encryption, we propose a new cryptographic ABAC (C-ABAC) framework with dynamic policy authorization and real-time attribute credentials. Moreover, a practical C-ABAC construction is proposed to support provable policy decision making and verifiable attribute Tokens among multiple distributed authorities. In this construction, we develop a concrete approach of generating a cryptographic policy from access control markup language. We also prove that attribute Token has existential unforgeability under chosen-attribute and chosen-nonce attacks, and the cryptographic policy is existentially unforgeable under chosen-object attack. In addition, our C-ABAC construction provides semantic security against chosen-plaintext attack with Token and policy queries under the extended general Diffie-Hellman exponent assumption. Finally, we evaluate the performance of the C-ABAC system according to complexity analysis and experimental results. The results show that the C-ABAC system is reliable and easy to implement.
机译:本文旨在建立一种加密解决方案,以提高美国国家标准技术研究院基于属性的访问控制(ABAC)模型的安全性和可靠性。通过分解基于属性的加密的现有结构,我们提出了一种具有动态策略授权和实时属性凭证的新加密ABAC(C-ABAC)框架。此外,提出了一种实用的C-ABAC构造,以支持可证明的策略决策和可验证的多个分布式授权机构之间的属性令牌。在此构造中,我们开发了一种从访问控制标记语言生成加密策略的具体方法。我们还证明了属性令牌在选择属性和选择一次攻击下具有存在不可伪造性,而密码策略在选择对象攻击下具有存在不可伪造性。此外,在扩展的一般Diffie-Hellman指数假设下,我们的C-ABAC构造通过Token和策略查询提供了针对选择明文攻击的语义安全性。最后,我们根据复杂度分析和实验结果评估了C-ABAC系统的性能。结果表明,C-ABAC系统可靠且易于实现。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

联系方式:18141920177 (微信同号)

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有
  • 客服微信

  • 服务号