Fine-Grained Information Flow Control Using Attributes

Jinguang Han; Liqun Chen; Willy  Susilo; Xinyi  Huang; Aniello  Castiglione; Kaitai Liang

doi:10.1016/j.ins.2019.01.074

Fine-Grained Information Flow Control Using Attributes

Jinguang Han, Liqun Chen, Willy Susilo, Xinyi Huang, Aniello Castiglione, Kaitai Liang

School of Electronics, Electrical Engineering and Computer Science

Research output: Contribution to journal › Article › peer-review

15 Citations (Scopus)

306 Downloads (Pure)

Abstract

Information flow control (IFC) mechanisms regulate where information is allowed to travel. To enhance IFC, access control encryption (ACE) was proposed where both the no write-down rule and the no read-up rule are supported. Nevertheless, there are still two issues: (1) how to determine whether a communication request should be permitted or denied was not considered; (2) the commutation cost is linear with the number of receivers. Attribute-based system (ABS) can implement one-to-many communication and fine-grained access policies. In this paper, a new IFC scheme is proposed by combing ACE with ABS. Our scheme provides the following features: (1) IFC policies are defined over a universe set of attributes; (2) the computation cost to determine whether a communication request should be permitted or denied is constant, instead of linear with the number of required attributes or receivers; (3) weak attribute privacy is achieved; (4) fine-grained access policies on encrypted data are supported; (5) the communication cost is linear with the number of required attributes and is independent of the number of receivers. To the best of our knowledge, it is the first IFC scheme enforced by using attributes.

Original language	English
Pages (from-to)	167-182
Number of pages	16
Journal	Information Sciences
Volume	484
Early online date	30 Jan 2019
DOIs	https://doi.org/10.1016/j.ins.2019.01.074
Publication status	Published - 01 May 2019

Keywords

Information flow control
Attribute-based system
Access control encryption
Security
Privacy

Access to Document

10.1016/j.ins.2019.01.074Licence: Unspecified

Fine-Grained Information Flow Control Using Attributes
Copyright 2019 Elsevier. This manuscript is distributed under a Creative Commons Attribution-NonCommercial-NoDerivs License (https://creativecommons.org/licenses/by-nc-nd/4.0/), which permits distribution and reproduction for non-commercial purposes, provided the author and source are cited.
Accepted author manuscript, 771 KBLicence: Unspecified

Cite this

@article{451539ddf4fd4ce38f75cdd97f5f7d7c,

title = "Fine-Grained Information Flow Control Using Attributes",

abstract = "Information flow control (IFC) mechanisms regulate where information is allowed to travel. To enhance IFC, access control encryption (ACE) was proposed where both the no write-down rule and the no read-up rule are supported. Nevertheless, there are still two issues: (1) how to determine whether a communication request should be permitted or denied was not considered; (2) the commutation cost is linear with the number of receivers. Attribute-based system (ABS) can implement one-to-many communication and fine-grained access policies. In this paper, a new IFC scheme is proposed by combing ACE with ABS. Our scheme provides the following features: (1) IFC policies are defined over a universe set of attributes; (2) the computation cost to determine whether a communication request should be permitted or denied is constant, instead of linear with the number of required attributes or receivers; (3) weak attribute privacy is achieved; (4) fine-grained access policies on encrypted data are supported; (5) the communication cost is linear with the number of required attributes and is independent of the number of receivers. To the best of our knowledge, it is the first IFC scheme enforced by using attributes.",

keywords = "Information flow control, Attribute-based system, Access control encryption, Security, Privacy",

author = "Jinguang Han and Liqun Chen and Willy Susilo and Xinyi Huang and Aniello Castiglione and Kaitai Liang",

year = "2019",

month = may,

day = "1",

doi = "10.1016/j.ins.2019.01.074",

language = "English",

volume = "484",

pages = "167--182",

journal = "Information Sciences",

issn = "0020-0255",

publisher = "Elsevier Inc.",

}

TY - JOUR

T1 - Fine-Grained Information Flow Control Using Attributes

AU - Han, Jinguang

AU - Chen, Liqun

AU - Susilo, Willy

AU - Huang, Xinyi

AU - Castiglione, Aniello

AU - Liang, Kaitai

PY - 2019/5/1

Y1 - 2019/5/1

N2 - Information flow control (IFC) mechanisms regulate where information is allowed to travel. To enhance IFC, access control encryption (ACE) was proposed where both the no write-down rule and the no read-up rule are supported. Nevertheless, there are still two issues: (1) how to determine whether a communication request should be permitted or denied was not considered; (2) the commutation cost is linear with the number of receivers. Attribute-based system (ABS) can implement one-to-many communication and fine-grained access policies. In this paper, a new IFC scheme is proposed by combing ACE with ABS. Our scheme provides the following features: (1) IFC policies are defined over a universe set of attributes; (2) the computation cost to determine whether a communication request should be permitted or denied is constant, instead of linear with the number of required attributes or receivers; (3) weak attribute privacy is achieved; (4) fine-grained access policies on encrypted data are supported; (5) the communication cost is linear with the number of required attributes and is independent of the number of receivers. To the best of our knowledge, it is the first IFC scheme enforced by using attributes.

AB - Information flow control (IFC) mechanisms regulate where information is allowed to travel. To enhance IFC, access control encryption (ACE) was proposed where both the no write-down rule and the no read-up rule are supported. Nevertheless, there are still two issues: (1) how to determine whether a communication request should be permitted or denied was not considered; (2) the commutation cost is linear with the number of receivers. Attribute-based system (ABS) can implement one-to-many communication and fine-grained access policies. In this paper, a new IFC scheme is proposed by combing ACE with ABS. Our scheme provides the following features: (1) IFC policies are defined over a universe set of attributes; (2) the computation cost to determine whether a communication request should be permitted or denied is constant, instead of linear with the number of required attributes or receivers; (3) weak attribute privacy is achieved; (4) fine-grained access policies on encrypted data are supported; (5) the communication cost is linear with the number of required attributes and is independent of the number of receivers. To the best of our knowledge, it is the first IFC scheme enforced by using attributes.

KW - Information flow control

KW - Attribute-based system

KW - Access control encryption

KW - Security

KW - Privacy

U2 - 10.1016/j.ins.2019.01.074

DO - 10.1016/j.ins.2019.01.074

M3 - Article

SN - 0020-0255

VL - 484

SP - 167

EP - 182

JO - Information Sciences

JF - Information Sciences

ER -

Fine-Grained Information Flow Control Using Attributes

Abstract

Keywords

Access to Document

Fingerprint

Cite this