Loading…

DACP: Enforcing a dynamic access control policy in cross-domain environments

Enabling hybrid authorisations to enforce dynamic access control policy from single-domain to cross-domain environments (CDEs) is important for distributed services. However, traditional Attribute-Based Access Control (ABAC) models are incompatible with CDEs. To fill this gap, approaches that apply...

Full description

Saved in:
Bibliographic Details
Published in:Computer networks (Amsterdam, Netherlands : 1999) Netherlands : 1999), 2023-12, Vol.237, p.110049, Article 110049
Main Authors: Salehi S., Ahmad, Han, Runchao, Rudolph, Carsten, Grobler, Marthie
Format: Article
Language:English
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Enabling hybrid authorisations to enforce dynamic access control policy from single-domain to cross-domain environments (CDEs) is important for distributed services. However, traditional Attribute-Based Access Control (ABAC) models are incompatible with CDEs. To fill this gap, approaches that apply cryptographic primitives, e.g., attribute-based encryption (ABE), have been proposed. The computation and storage overhead in most ABE constructions is non-negligible and increases with the complexity of the associated policies. In addition, most access control policy systems enforce authorisation policies in a centralised way, raising serious security and privacy issues. In this paper, we introduce DACP – a practical Dynamic Access Control Policy system supporting dynamic cross-domain authorisation. DACP combines traditional ABAC approach and a novel cryptographic primitive Attribute-based group signature (ABGS). ABAC is used for the access control decision and policy enforcement according to the user’s attributes whereas ABGS is used for managing the user’s attributes between users and authorities. Thus, the user’s attributes are securely distributed along with the access structure in CDEs while preserving the user’s privacy. We present the concrete design and implementation of DACP, and evaluate it in real-world settings. The evaluation shows that DACP is practical and efficient in CDEs.
ISSN:1389-1286
1872-7069
DOI:10.1016/j.comnet.2023.110049