
EEMCS EPrints Service

20176 Privacy Enhanced Access Control by Means of Policy Blinding

Sedghi, S. and Hartel, P.H. and Jonker, W. and Nikova, S.I. (2011) Privacy Enhanced Access Control by Means of Policy Blinding. In: Proceedings of the 7th International Conference on Information Security Practice and Experience, ISPEC 2011, 30 May - 1 Jun 2011, Guangzhou, China. pp. 108-122. Lecture Notes in Computer Science 6672. Springer Verlag. ISSN 0302-9743 ISBN 978-3-642-21030-3


Traditional techniques of enforcing an access control policy rely on an honest reference monitor to enforce the policy. However, for applications where the resources are sensitive, the access control policy might also be sensitive. As a result, an honest-but-curious reference monitor would glean some interesting information from the requests that it processes. For example, if a requestor in a role psychiatrist is granted access to a document, the patient associated with that document probably has a psychiatric problem. The patient would consider this sensitive information, and she might prefer the honest-but-curious reference monitor to remain oblivious of her mental problem. We present a high level framework for querying and enforcing a role based access control policy that identifies where sensitive information might be disclosed. We then propose a construction which enforces a role based access control policy cryptographically, in such a way that the reference monitor learns as little as possible about the policy. (The reference monitor only learns something from repeated queries.) We prove the security of our scheme showing that it works in theory, but that it has a practical drawback. However, the practical drawback is common to all cryptographically enforced access policy schemes. We identify several approaches to mitigate the drawback and conclude by arguing that there is an underlying fundamental problem that cannot be solved. We also show why attribute based encryption techniques do not solve the problem of enforcing policy by an honest but curious reference monitor.

Item Type: Conference or Workshop Paper (Full Paper, Talk)
Research Group: EWI-DIES: Distributed and Embedded Security, EWI-DB: Databases
Research Program: CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project: SEDAN: Searchable Data Encryption
ID Code: 20176
Deposited On: 27 May 2011
