Distributed Enforcement of Unlinkability Policies: Looking Beyond the Chinese Wall
Kapadia, Apu C.; Naldurg, Prasad G.; Campbell, Roy H.
Permalink
https://hdl.handle.net/2142/11163
Description
- Title
- Distributed Enforcement of Unlinkability Policies: Looking Beyond the Chinese Wall
- Author(s)
- Kapadia, Apu C.
- Naldurg, Prasad G.
- Campbell, Roy H.
- Issue Date
- 2006-02
- Keyword(s)
- computer science
- Date of Ingest
- 2009-04-20T19:44:14Z
- Abstract
- This paper presents an access control model that preserves the unlinkability of audit-logs in a distributed environment. The model restricts entities from accessing and correlating two or more audit-records belonging to different service invocations created by the same user. While the traditional Chinese Wall (CW) model is sufficient to enforce this type of unlinkability, in distributed environments CW is inefficient because the simple security condition semantics requires knowledge of a user's access history. Our model allows specifications that are simple and efficient to enforce in a decentralized manner without the need for an access history. The proposed enforcement architecture allows users to negotiate unlinkability policies with the system. The system attaches automatically generated policy constraints to the audit-records. When these constraints are enforced appropriately, they implement unlinkability policies that are provably secure and precise for a fixed protection state. The model extends to a versioning scheme that adapts to evolving protection state, trading off precision to maintain the security of deployed policies.
- Type of Resource
- text
- Permalink
- http://hdl.handle.net/2142/11163
- Copyright and License Information
- You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format, BUT this permission is only for a period of 45 (forty-five) days from the most recent time that you verified that this technical report is still available from the University of Illinois at Urbana-Champaign Computer Science Department under terms that include this permission. All other rights are reserved by the author(s).