
DACP: Enforcing a dynamic access control policy in cross-domain environments

Bibliographic Details
Published in: Computer networks (Amsterdam, Netherlands : 1999), 2023-12, Vol.237, p.110049, Article 110049
Main Authors: Salehi S., Ahmad; Han, Runchao; Rudolph, Carsten; Grobler, Marthie
Format: Article
Language: English
container_start_page 110049
container_title Computer networks (Amsterdam, Netherlands : 1999)
container_volume 237
creator Salehi S., Ahmad
Han, Runchao
Rudolph, Carsten
Grobler, Marthie
description Enabling hybrid authorisations to enforce dynamic access control policy from single-domain to cross-domain environments (CDEs) is important for distributed services. However, traditional Attribute-Based Access Control (ABAC) models are incompatible with CDEs. To fill this gap, approaches that apply cryptographic primitives, e.g., attribute-based encryption (ABE), have been proposed. The computation and storage overhead in most ABE constructions is non-negligible and increases with the complexity of the associated policies. In addition, most access control policy systems enforce authorisation policies in a centralised way, raising serious security and privacy issues. In this paper, we introduce DACP – a practical Dynamic Access Control Policy system supporting dynamic cross-domain authorisation. DACP combines traditional ABAC approach and a novel cryptographic primitive Attribute-based group signature (ABGS). ABAC is used for the access control decision and policy enforcement according to the user’s attributes whereas ABGS is used for managing the user’s attributes between users and authorities. Thus, the user’s attributes are securely distributed along with the access structure in CDEs while preserving the user’s privacy. We present the concrete design and implementation of DACP, and evaluate it in real-world settings. The evaluation shows that DACP is practical and efficient in CDEs.
doi_str_mv 10.1016/j.comnet.2023.110049
format article
identifier ISSN: 1389-1286
ispartof Computer networks (Amsterdam, Netherlands : 1999), 2023-12, Vol.237, p.110049, Article 110049
issn 1389-1286
1872-7069
language eng
recordid cdi_crossref_primary_10_1016_j_comnet_2023_110049
source ScienceDirect Freedom Collection
title DACP: Enforcing a dynamic access control policy in cross-domain environments