Privacy-preserving enforcement of spatially aware RBAC

Michael S. Kirkpatrick*, Gabriel Ghinita, Elisa Bertino

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

20 Citations (Scopus)

Abstract

Several models for incorporating spatial constraints into role-based access control (RBAC) have been proposed, and researchers are now focusing on the challenge of ensuring such policies are enforced correctly. However, existing approaches have a major shortcoming, as they assume the server is trustworthy and require complete disclosure of sensitive location information by the user. In this work, we propose a novel framework and a set of protocols to solve this problem. Specifically, in our scheme, a user provides a service provider with role and location tokens along with a request. The service provider consults with a role authority and a location authority to verify the tokens and evaluate the policy. However, none of the servers learn the requesting user's identity, role, or location. In this paper, we define the protocols and the policy enforcement scheme, and present a formal proof of a number of security properties.

Original languageEnglish
Article number6104066
Pages (from-to)627-640
Number of pages14
JournalIEEE Transactions on Dependable and Secure Computing
Volume9
Issue number5
DOIs
Publication statusPublished - 2012
Externally publishedYes

Keywords

  • RBAC
  • access control
  • applied cryptography
  • privacy
  • security

Fingerprint

Dive into the research topics of 'Privacy-preserving enforcement of spatially aware RBAC'. Together they form a unique fingerprint.

Cite this