Managing Key hierarchies for access control enforcement: Heuristic approaches
Elsevier (2010), Computers & Security
Carlo Blundo, Stelvio Cimato, Sabrina De Capitani di Vimercati,
Alfredo De Santis, Sara Foresti, Stefano Paraboschi, Pierangela Samarati
2013.04.15 Regular Seminar
DBLAB Tae Hoon Kim
Reference PPT: Ara-Jo Managing Key hierarchies for access control enforcement: Heuristic approaches

Contents
1. Introduction
2. Basic Concepts
3. Problem Formulation
4. Minimum weight user tree
5. Linear programming approach
6. Minimum Spanning tree heuristics
   1. Sibling-based heuristic
   2. Leaves-based heuristic
   3. Mixed heuristics
7. Experimental results
8. Conclusions and future work

Introduction
The main advantages of data outsourcing
- Higher availability
- To provide effective service
- More effective disaster protection
To protect against unauthorized users
- Data provider problem: data may be put at risk
  - When? When data owners release their information to external servers
  - Because the external servers are not under their control, data confidentiality may be put at risk
- To protect the resources from both unauthorized users and the honest-but-curious server (service provider)
  - Why? The server, while trustworthy to properly manage the data, may not be trusted by the data owner to read their content.

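Introduction
[Figure: data owner, service provider, data outsourcing, real estate database, outsourced database, resources, hacker]
The service provider could sell the various real estate information to competing customers, and the information could even be leaked through hacking.
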
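Introduction
[Figure: data owner, service provider, data outsourcing, real estate database, outsourced database, resources, query request]
When a user requests data from the service provider, the user must issue the query to the service provider using the key received from the data owner.
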
Introduction
In this paper
- A heuristic approach to minimize the number of keys to be maintained by the system and distributed to users
  - Leaves-based heuristics
  - Mixed-based heuristics

Basic Concepts (Selective encryption method)
Selective encryption techniques
- To use different keys for encrypting data
- To release to each user the set of keys necessary to decrypt
- Easy to see that solution
  • Cap 1) (c) = {r1,r2,r3,r4,r5,r6}
  • Acl 2) (r4) = {A, B, C}
1) Cap: capability list  2) Acl: access control list

     r1  r2  r3  r4  r5  r6
A     1   1   1   1   1   0
B     1   0   0   1   1   1
C     0   1   0   1   0   1
D     0   0   1   0   1   1

Basic Concepts (key derivation method)
[Figure: user graph, with resources r1 to r6 attached to vertices]
V0[]
V1[A] V2[] V3[] V4[]
V5[AB] V6[AC] V7[AD] V8[BC] V9[BD] V10[CD]
V11[ABC] V12[ABD] V13[ACD] V14[BCD]
V15[ABCD]
cap(A) = {r1,r2,r3,r4,r5}
acl(r4) = {A, B, C}

Basic Concepts (key derivation method)
Advantage of user graph
- Conceptually simple
- Potentially easy to implement
Disadvantage of user graph
- Significantly more keys than actually needed
- Efficiency of the key management

Problem formulation (User tree)
User tree definition
- User tree = T (tree)
- Rooted at the vertex representing the empty user group : Subgraph = Gu
- Spanning all vertices =
- Each user has a key ring = key_ringT(u)
- T = <Vertex, Edge>, Gu = <Vu, Eu>

Problem formulation (User tree)
[Figure: user tree, with resources r1 to r6 attached to vertices]
V0[]
V1[AB] V2[AC] V3[AD]
V4[ABC] V5[ABD] V6[BCD]

     r1  r2  r3  r4  r5  r6
A     1   1   1   1   1   0
B     1   0   0   1   1   1
C     0   1   0   1   0   1
D     0   0   1   0   1   1

User  Key ring
A     v1.key, v2.key, v3.key
B     v1.key, v6.key
C     v2.key, v4.key, v6.key
D     v3.key, v5.key, v6.key

Minimum weight user tree
Minimum weight user tree definition
- Let T = <V, E> be a user tree
- Weight function W : E → N
- ∀(vi, vj) ∈ E, W(vi, vj) = |vj.acl \ vi.acl|
To solve the problem
- Integer Linear Programming (ILP)
  - Can be solved adopting known algorithms and tools
- Three families of heuristics
[Figure: user tree with edge weights]
V0[]
V1[AB] V2[AC] V3[AD]
V4[ABC] V5[ABD] V6[BCD]
Edge weights: 2, 2, 2, 3, 1, 1
Weight(T) = 11
"NP 1)-hardness"
1) NP-hardness: NP-hard is the set of problems to which every decision problem in NP can be many-one reduced in polynomial time. In other words, NP-hard is the set of problems that are at least as hard as every problem in NP.

Linear programming approach
The linear constraints impose that
1. The edges and vertices selected form a tree structure
2. All material vertices belong to the user tree
Constraints
1. Each non-material vertex in the user graph has at most one incoming edge in the user tree
2. Only vertices having at least one outgoing edge have an incoming edge in the user tree
3. Each material vertex has exactly one incoming edge
4. Variables associated with the edges of the user graph can only assume value 1 or 0
   - Modeling the presence or not of the corresponding edge in the computed user tree

Linear programming approach
[Figure: user graph, with resources r1 to r6 attached to vertices]
V0[]
V1[A] V2[] V3[] V4[]
V5[AB] V6[AC] V7[AD] V8[BC] V9[BD] V10[CD]
V11[ABC] V12[ABD] V13[ACD] V14[BCD]
V15[ABCD]

Minimum spanning tree heuristics
Based on the computation of an MST over a graph G = (V, E’, w)
- V =
- E’ = {(vi , vj)|vi, vji.aclVi.acl}
- W(vi, vj) = |Vj.acl\Vi.acl|
The weight of the MST over G can be reduced
- Vk.acl = vi.acl vj.acl
- Vk is a parent of vi and vj
- Because Vk.key is included instead of both vi.key and vj.key

Minimum spanning tree heuristics
Case 1
U = Vk.acl = vi.acl vj.acl
[Figure: initial configuration and final configuration of the tree over vpi, vi, vpj, vj]

Minimum spanning tree heuristics
Case 2
U = Vk.acl = vi.acl vj.acl
[Figure: initial configuration and final configuration of the tree over vpi, vpj, vi, vj, vk]

Minimum spanning tree heuristics
Case 3
U = Vk.acl = vi.acl vj.acl
[Figure: initial configuration and final configuration of the tree over vpi, vpj, vi, vj, vk, vt]

Minimum spanning tree heuristics
But the selection process is expensive
- Decide to use Vpi or Vpj as Vpk, direct ancestor of Vk, whenever it is possible
- Consider the following heuristics (based on Prim’s algorithm)
  1. Sibling 3)-based heuristic
  2. Leaves-based heuristic
  3. Mixed heuristics
Consider three selection criteria
1. Max :
2. Min :
3. Random : at random
3) Sibling: brother or sister

Minimum spanning tree heuristics
Heuristic algorithm for computing a minimal user tree

     r1  r2  r3  r4  r5
A     1   1   1   1   0
B     0   0   1   1   1
C     0   1   1   0   1
D     0   1   0   1   1
E     0   0   1   0   1

Phase 1. Select material vertices
Phase 2. Compute an MST, T
Phase 3. Operate the heuristics
- Siblings
- Leaves
- Mixed
[Figure: MST over the material vertices, with edge weights]
V0[]
V1[A]
V2[ACD] V3[ABD] V4[ABCE] V5[BCDE]
Edge weights: 1, 2, 3, 2, 4
Weight = 12
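
Added example (not part of the original slides or of the paper's code): Phase 1 and Phase 2 above, together with the weight definition from the "Minimum weight user tree" slide, run on both access matrices shown in the slides. Function names are hypothetical, and breaking ties between equally cheap parents alphabetically is an assumption.

```python
# Added example; function names are hypothetical, not from the paper.
# Access matrices copied from the slides: one bit string per user, columns r1..rn.
MATRIX_6 = {"A": "111110", "B": "100111", "C": "010101", "D": "001011"}
MATRIX_5 = {"A": "11110", "B": "00111", "C": "01101", "D": "01011", "E": "00101"}
ROOT = frozenset()  # v0, the vertex of the empty user group


def material_vertices(matrix):
    """Phase 1: one vertex per distinct resource ACL (set of authorized users)."""
    n = len(next(iter(matrix.values())))
    acls = {frozenset(u for u, row in matrix.items() if row[i] == "1")
            for i in range(n)}
    return sorted(acls - {ROOT}, key=lambda a: (len(a), sorted(a)))


def min_weight_tree(vertices):
    """Phase 2: spanning tree rooted at v0 with w(vi, vj) = |vj.acl \\ vi.acl|.

    Edges only run from a strict subset to a superset, so the graph is acyclic
    and letting every vertex take its cheapest parent yields the minimum tree.
    Ties are broken alphabetically (assumption).
    """
    parent = {}
    for v in vertices:
        candidates = [ROOT] + [p for p in vertices if p < v]
        parent[v] = min(candidates, key=lambda p: (len(v - p), sorted(p)))
    return parent


def weight(parent):
    """Total tree weight, which is also the number of keys handed to users."""
    return sum(len(v - p) for v, p in parent.items())


def key_rings(parent):
    """A user holds v.key directly unless the parent's key already derives it."""
    rings = {}
    for v, p in parent.items():
        for user in v - p:
            rings.setdefault(user, set()).add("".join(sorted(v)))
    return rings


if __name__ == "__main__":
    for matrix in (MATRIX_6, MATRIX_5):
        tree = min_weight_tree(material_vertices(matrix))
        print("weight:", weight(tree))
        for user, ring in sorted(key_rings(tree).items()):
            print(" ", user, sorted(ring, key=lambda k: (len(k), k)))
```

Keys are named by the ACL of their vertex, so the ring of user C on the four-user matrix, {AC, ABC, BCD}, corresponds to v2.key, v4.key, v6.key in the key ring table.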

Minimum spanning tree heuristics
Sibling-based heuristic
- At least 2 children
- Possible insertion of a vertex Vk
- Case 3.
[Figure: tree before and after inserting V6[AC]]
V0[]
V1[A]
V2[ACD] V3[ABD] V4[ABCE] V5[BCDE]
Weight = 12
V6[AC]
Weight = 11

Minimum spanning tree heuristics
Leaves-based heuristics
[Figure: tree before and after inserting V6[BCE]]
V0[]
V1[A]
V2[ACD] V3[ABD] V4[ABCE] V5[BCDE]
Weight = 12
V6[BCE]
Weight = 11
//Siblings
//ancestors
Case 3.

Minimum spanning tree heuristics
Mixed heuristics
//Sibling-based heuristics
//Leaves-based heuristics
Minimum spanning tree heuristics
Mixed heuristics (cont.)
[Figure: tree before and after the mixed heuristics]
V0[]
V1[A]
V2[ACD] V3[ABD] V4[ABCE] V5[BCDE]
Weight = 12
V6[BCE] (Case 3.)
V6[AC] (Case 3.)
Weight = 9

Experimental results
Experiment environment
- Centrino 1.7Mhz CPU
- Randomly generated access matrices
- Considering different numbers of users and resources in the system
The experiments consist of three steps

Experimental results
Vs.
• Number of times
• Sibling-based
• Only min preference criterion 4)
4) Criterion: standard, norm

Experimental results
[Figure: comparison chart; series: Mixed, Damiani et al. (2006), Leaf-based, Sibling-based]

Conclusions and future work
In this paper
- Addressed the issue by integrating access control and encryption and by exploiting the key derivation method
  - As a way of minimizing the number of keys distributed to users
- Presented three families of heuristics
  1. Sibling-based heuristic
  2. Leaves-based heuristic
  3. Mixed heuristics
Future work
1. Re-executing the heuristics every time there is a change in the authorization
2. Performing a simple adaptation of the tree to reflect the authorization changes, or applying over-encryption solutions

Thank you for listening to my presentation. Question/Answer :)