Fine-grained information flow control using attributes

Castiglione A.
2019-01-01

Abstract

Information flow control (IFC) mechanisms regulate where information is allowed to travel. To enhance IFC, access control encryption (ACE) was proposed, in which both the no write-down rule and the no read-up rule are supported. Nevertheless, two issues remain: (1) how to determine whether a communication request should be permitted or denied was not considered; (2) the communication cost is linear with the number of receivers. An attribute-based system (ABS) can implement one-to-many communication and fine-grained access policies. In this paper, a new IFC scheme is proposed by combining ACE with ABS. Our scheme provides the following features: (1) IFC policies are defined over a universe set of attributes; (2) the computation cost to determine whether a communication request should be permitted or denied is constant, instead of linear with the number of required attributes or receivers; (3) weak attribute privacy is achieved; (4) fine-grained access policies on encrypted data are supported; (5) the communication cost is linear with the number of required attributes and is independent of the number of receivers. To the best of our knowledge, it is the first IFC scheme enforced by using attributes.

Use this identifier to cite or link to this document: https://hdl.handle.net/11386/4810902