Withdraw
Loading…
Unlinkability through Access Control: Respecting User-Privacy in Distributed Systems
Kapadia, Apu C.; Naldurg, Prasad G.; Campbell, Roy H.
Loading…
Permalink
https://hdl.handle.net/2142/11086
Description
- Title
- Unlinkability through Access Control: Respecting User-Privacy in Distributed Systems
- Author(s)
- Kapadia, Apu C.
- Naldurg, Prasad G.
- Campbell, Roy H.
- Issue Date
- 2005-08
- Keyword(s)
- computer science
- distributed systems
- Date of Ingest
- 2009-04-20T15:51:00Z
- Abstract
- We propose a policy-based framework using RBAC (Role Based Access Control) to address the unlinkability problem in the context of correlating audit records generated from access to distributed services. We explore this problem in an environment where the enforcement of access control policies is decentralized and ensuring policy consistency as the protection state of the system evolves becomes important. We introduce the notion of an audit flow associated with a user's access transactions, which represents the flow of information through audit logs within an administrative domain. Users of our system can present a set of audit flows to a decision engine that uses global access rules to detect potential linkability conflicts. Users can use this information to specify discretionary unlinkability requirements, depending on whether these accesses can expose sensitive attributes. We present an algorithm that can generate policy constraints based on these discretionary requirements. We also show how these policy constraints can be attached to individual audit log records to enforce unlinkability in a distributed manner. We prove that our proposed algorithm generates constraints that are secure and precise under strong tranquility assumptions with respect to the system's protection state. When we relax these assumptions, we show how versioning can cope with evolving protection state, trading off precision to maintain the security of deployed policies.
- Type of Resource
- text
- Permalink
- http://hdl.handle.net/2142/11086
- Copyright and License Information
- You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format, BUT this permission is only for a period of 45 (forty-five) days from the most recent time that you verified that this technical report is still available from the University of Illinois at Urbana-Champaign Computer Science Department under terms that include this permission. All other rights are reserved by the author(s).
Owning Collections
Manage Files
Loading…
Edit Collection Membership
Loading…
Edit Metadata
Loading…
Edit Properties
Loading…
Embargoes
Loading…