1,720,998 research outputs found
Fuzzy-based approach to assess and prioritize privacy risks
No full textThe new general data protection regulation requires organizations to conduct a data protection impact assessment (DPIA) when the processing of personal information may result in high risk to individual rights and freedoms. DPIA allows organizations to identify, assess and prioritize the risks related to the processing of personal information and select suitable mitigations to reduce the severity of the risks. The existing DPIA methodologies measure the severity of privacy risks according to analysts’ opinions about the likelihood and the impact factors of the threats. The assessment is therefore subjective to the expertise of the analysts. To reduce subjectivity, we propose a set of well-defined criteria that analysts can use to measure the likelihood and the impact of a privacy risk. Then, we adopt the fuzzy multi-criteria decision-making approach to systematically measure the severity of privacy risks while modeling the imprecision and vagueness inherent in linguistic assessment. Our approach is illustrated for a realistic scenario with respect to LINDDUN threat categories.</p
Fuzzy-based approach to assess and prioritize privacy risks
Full text linkThe new general data protection regulation requires organizations to conduct a data protection impact assessment (DPIA) when the processing of personal information may result in high risk to individual rights and freedoms. DPIA allows organizations to identify, assess and prioritize the risks related to the processing of personal information and select suitable mitigations to reduce the severity of the risks. The existing DPIA methodologies measure the severity of privacy risks according to analysts' opinions about the likelihood and the impact factors of the threats. The assessment is therefore subjective to the expertise of the analysts. To reduce subjectivity, we propose a set of well-defined criteria that analysts can use to measure the likelihood and the impact of a privacy risk. Then, we adopt the fuzzy multi-criteria decision-making approach to systematically measure the severity of privacy risks while modeling the imprecision and vagueness inherent in linguistic assessment. Our approach is illustrated for a realistic scenario with respect to LINDDUN threat categories
Security Analysis of Role-based Access Control through Program Verification
No full textWe propose a novel scheme for proving administrative role-based access control (ARBAC) policies correct with respect to security properties using the powerful abstraction based tools available for program verification. Our scheme uses a combination of abstraction and reduction to program verification to perform security analysis. We convert ARBAC policies to imperative programs that simulate the policy abstractly, and then utilize further abstract-interpretation techniques from program analysis to analyze the programs in order to prove the policies secure. We argue that the aggressive set-abstractions and numerical-abstractions we use are natural and appropriate in the access control setting. We implement our scheme using a tool called VAC that translates ARBAC policies to imperative programs followed by an interval-based static analysis of the program, and show that we can effectively prove access control policies correct. The salient feature of our approach are the abstraction schemes we develop and the reduction of role-based access control security (which has nothing to do with programs) to program verification problems
Verifiable Hierarchical Key Assignment Schemes
No full textA Hierarchical Key Assignment Scheme (HKAS) is a method to assign some private information and secret keys to a set of classes in a partially ordered hierarchy, so that the private information of a higher class together with some public information can be used to derive the keys of all classes lower down in the hierarchy. Historically, HKAS has been introduced to enforce multi-level access control, where it can be safely assumed that the public information is made available in some authenticated form. Subsequently, HKAS has found application in several other contexts where, instead, it would be convenient to certify the trustworthiness of public information. Such application contexts include key management for IoT and for emerging distributed data acquisition systems such as wireless sensor networks. In this paper, motivated by the need of accommodating this additional security requirement, we first introduce a new cryptographic primitive: Verifiable Hierarchical Key Assignment Scheme (VHKAS). A VHKAS is a key assignment scheme with a verification procedure that allows honest users to verify whether public information has been maliciously modified to induce an honest user to obtain an incorrect key. Then, we design and analyse VHKASs which are provably secure. Our solutions support key update for compromised secret keys by making a limited number of changes to public and private information
Policy analysis for self-administrated role-based access control
No full textCurrent techniques for security analysis of administrative role-based access control (ARBAC) policies restrict themselves to the separate administration assumption that essentially separates administrative roles from regular ones. The naive algorithm of tracking all users is all that is known for the security analysis of ARBAC policies without separate administration, and the state space explosion that this results in precludes building effective tools. In contrast, the separate administration assumption greatly simplifies the analysis since it makes it sufficient to track only one user at a time. However, separation limits the expressiveness of the models and restricts modeling distributed administrative control. In this paper, we undertake a fundamental study of analysis of ARBAC policies without the separate administration restriction, and show that analysis algorithms can be built that track only a bounded number of users, where the bound depends only on the number of administrative roles in the system. Using this fundamental insight paves the way for us to design an involved heuristic to further tame the state space explosion in practical systems. Our results are also very effective when applied on policies designed under the separate administration restriction. We implement our techniques and report on experiments conducted on several realistic case studies
Variations on a theme by Akl and Taylor: Security and tradeoffs
No full textAbstractIn 1983, Akl and Taylor [Cryptographic solution to a problem of access control in a hierarchy, ACM Transactions on Computer Systems 1 (3) (1983) 239–248] first suggested the use of cryptographic techniques to enforce access control in hierarchical structures. Due to its simplicity and versatility, the scheme has been used, for more than twenty years, to implement access control in several different domains, including mobile agent environments and XML documents. However, despite its use over time, the scheme has never been fully analyzed with respect to security and efficiency requirements. In this paper we provide new results on the Akl–Taylor scheme and its variants. More precisely: •We provide a rigorous analysis of the Akl–Taylor scheme. We consider different key assignment strategies and prove that the corresponding schemes are secure against key recovery.•We show how to obtain different tradeoffs between the amount of public information and the number of steps required to perform key derivation in the proposed schemes.•We also look at the MacKinnon et al. and Harn and Lin schemes and prove they are secure against key recovery.•We describe an Akl–Taylor based key assignment scheme with time-dependent constraints and prove the scheme efficient, flexible and secure.•We propose a general construction, which is of independent interest, yielding a key assignment scheme offering security w.r.t. key indistinguishability, given any key assignment scheme which guarantees security against key recovery.•Finally, we show how to use our construction, along with our assignment strategies and tradeoffs, to obtain an Akl–Taylor scheme, secure w.r.t. key indistinguishability, requiring a constant amount of public information
VAC - verifier of administrative role-based access control policies
No full textIn this paper we present Vac, an automatic tool for verifying security properties of administrative Role-based Access Control (RBAC). RBAC has become an increasingly popular access control model, particularly suitable for large organizations, and it is implemented in several software. Automatic security analysis of administrative RBAC systems is recognized as an important problem, as an analysis tool can help designers check whether their policies meet expected security properties. Vac converts administrative RBAC policies to imperative programs that simulate the policies both precisely and abstractly and supports several automatic verification back-ends to analyze the resulting programs. In this paper, we describe the architecture of Vac and overview the analysis techniques that have been implemented in the tool. We also report on experiments with several benchmarks from the literature
Practical Short Signature Batch Verification
Full text linkIn many applications, it is desirable to work with digital signatures that are short, and yet where many messages from different signers be verified very quickly. RSA signatures satisfy the latter condition, but are generally thousands of bits in length. Recent developments in pairing-based cryptography produced a number of “short” signatures which provide equivalent security in a fraction of the space. Unfortunately, verifying these signatures is computationally intensive due to the expensive pairing operation. Toward achieving “short and fast” signatures, Camenisch, Hohenberger and Pedersen (Eurocrypt 2007) showed how to batch verify two pairing-based schemes so that the total number of pairings was independent of the number of signatures to verify. In this work, we present both theoretical and practical contributions. On the theoretical side, we introduce new batch verifiers for a wide variety of regular, identity-based, group, ring and aggregate signature schemes. These are the first constructions for batching group signatures, which answers an open problem of Camenisch et al. On the practical side, we implement each of these algorithms and compare each batching algorithm to doing individual verifications. Our goal is to test whether batching is practical; that is, whether the benefits of removing pairings significantly outweigh the cost of the additional operations required for batching, such as group membership testing, randomness generation, and additional modular exponentiations and multiplications. We experimentally verify that the theoretical results of Camenisch et al. and this work, indeed, provide an efficient, effective approach to verifying multiple signatures from (possibly) different signers
- …
