Managing Key hierarchies for access control enforcement: Heuristic approaches. ELSEVIER (2010) Computers & Security. Carlo Blundo, Stelvio Cimato, Sabrina De Capitani di Vimercati, Alfredo De Santis, Sara Foresti, Stefano Paraboschi, Pierangela Samarati. 2013.04.15
2013.04.15 Regular Seminar DBLAB Tae Hoon Kim Reference PPT: Ara-Jo
Contents • Introduction • Basic Concepts • Problem Formulation • Minimum weight user tree • Linear programming approach • Minimum Spanning tree heuristics • Sibling-based heuristic • Leaves-based heuristic • Mixed heuristics • Experimental results • Conclusions and future work
Introduction • The main advantages of data outsourcing • Higher availability • Effective service provision • More effective disaster protection • Protection against unauthorized users • Problem for the data provider: data may be put at risk • When? When they release their information to external servers • With external servers that are not under their control, data confidentiality may be put at risk • Resources must be protected from both unauthorized users and the honest-but-curious server (service provider) • Why? The server, while trustworthy to properly manage the data, may not be trusted by the data owner to read its content.
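Introduction • [Figure: a data owner outsources a real estate database (resources) to a service provider, which holds the outsourced database; a hacker is also shown] • The service provider could sell various real-estate-related information to other, competing customers, and there is even the possibility of information leakage through hacking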
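Introduction • [Figure: a data owner outsources a real estate database (resources) to a service provider, which holds the outsourced database; a user sends a query request] • When a user requests data from the service provider, the user must issue the query to the service provider using the key received from the data owner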
Introduction • In this paper • A heuristic approach to minimize the number of keys to be maintained by the system and distributed to users • Leaves-based heuristics • Mixed-based heuristics
Basic Concepts (Selective encryption method) • cap1)(c) = {r1, r2, r3, r4, r5, r6} • acl2)(r4) = {A, B, C} • 1) cap: capability list 2) acl: access control list • Selective encryption techniques • Use different keys for encrypting data • Release to each user the set of keys necessary to decrypt • Easy to see that solution
Basic Concepts (key derivation method) • cap(A) = {r1, r2, r3, r4, r5} • acl(r4) = {A, B, C} • [Figure: user graph with vertices V0[], V1[A], V2[], V3[], V4[], V5[AB], V6[AC], V7[AD], V8[BC], V9[BD], V10[CD], V11[ABC], V12[ABD], V13[ACD], V14[BCD], V15[ABCD] and resources r1 to r6]
BasicConcepts(key derivation method) • Advantage of user graph • Conceptually simple • Potentially easy to implement • Disadvantage of user graph • Significantly more keys than actually needed. • Efficiency of the key management
Problem formulation(User tree) • User tree definition • User tree = T(tree) • Rooted at the vertex representing the empty user group : • Subgraph = Gu • Spanning all vertices = • Each user has a key ring = key_ringT(u) • T = <Vertex, Edge>, Gu = <Vu, Eu>
Problem formulation (User tree) • [Figure: user tree with vertices V0[], V1[AB], V2[AC], V3[AD], V4[ABC], V5[ABD], V6[BCD] and resources r1 to r6]
Minimum weight user tree • [Figure: user tree with vertices V0[], V1[AB], V2[AC], V3[AD], V4[ABC], V5[ABD], V6[BCD] and edge weights 2, 2, 2, 3, 1, 1; Weight(T) = 11; labelled “NP1)-hardness”] • 1) NP-hardness: NP-hard is the set of problems to which every decision problem in NP can be many-one reduced in polynomial time. In other words, NP-hard is the set of problems that are at least as hard as every problem in NP. • Minimum weight user tree definition • Let T = <V, E> be a user tree • Weight function W : E → N • ∀(vi, vj) ∈ E, W(vi, vj) = |vj.acl \ vi.acl| • To solve the problem • Integer Linear Programming (ILP) • Can be solved adopting known algorithms and tools • Three families of heuristics
Linear programming approach • The linear constraints impose that • 1. The edges and vertices selected form a tree structure • 2. All material vertices belong to the user tree • Constraints • Each non-material vertex in the user graph has at most one incoming edge in the user tree • Only vertices having at least one outgoing edge have an incoming edge in the user tree • Each material vertex has exactly one incoming edge • Variables associated with the edges of the user graph can only assume value 1 or 0 • They model the presence or absence of the corresponding edge in the computed user tree
Linear programming approach • [Figure: user graph with vertices V0[], V1[A], V2[], V3[], V4[], V5[AB], V6[AC], V7[AD], V8[BC], V9[BD], V10[CD], V11[ABC], V12[ABD], V13[ACD], V14[BCD], V15[ABCD] and resources r1 to r6]
Minimum spanning tree heuristics • Based on the computation of an MST over a graph • G = (V, E’, w), V = E’ = {(vi, vj)|vi, vji.aclVi.acl} • W(vi, vj) = |Vj.acl \ Vi.acl| • The weight of the MST over G can be reduced • Vk.acl = vi.acl ∩ vj.acl • Vk is a parent of vi and vj • Because Vk.key is included instead of both vi.key and vj.key
Minimum spanning tree heuristics: Case 1 • U = Vk.acl = vi.acl ∩ vj.acl • [Figure: initial configuration and final configuration, with vertices vpi, vpj, vi, vj]
Minimum spanning tree heuristics: Case 2 • U = Vk.acl = vi.acl ∩ vj.acl • [Figure: initial configuration and final configuration, with vertices vpi, vpj, vk, vi, vj]
Minimum spanning tree heuristics: Case 3 • U = Vk.acl = vi.acl ∩ vj.acl • [Figure: initial configurations and final configurations, with vertices vpi, vpj, vt, vk, vi, vj]
Minimum spanning tree heuristics • But the selection process is expensive: decide to use Vpi or Vpj as Vpk, the direct ancestor of Vk, whenever it is possible • Heuristics considered (based on Prim’s algorithm) • Sibling3)-based heuristic • Leaves-based heuristic • Mixed heuristics • Three selection criteria are considered • Max : • Min : • Random : at random • 3) Sibling: brother or sister
Minimum spanning tree heuristics • Heuristic algorithm for computing a minimal user tree • Phase 1. Select material vertices • Phase 2. Compute an MST, T • Phase 3. Operate the heuristics: Siblings, Leaves, Mixed • [Figure: user tree with vertices V0[], V1[A], V2[ACD], V3[ABD], V4[ABCE], V5[BCDE] and edge weights 1, 4, 2, 2, 3; Weight = 12]
Minimum spanning tree heuristics: Sibling-based heuristic • At least 2 children • Possible insertion of a vertex Vk • [Figure: user tree with vertices V0[], V1[A], V2[ACD], V3[ABD], V4[ABCE], V5[BCDE] and inserted vertex V6[AC] (Case 3); Weight = 12 and Weight = 11]
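Added example, not code from the paper or the slides: a Python sketch of the edge weight W(vi, vj) = |vj.acl \ vi.acl| and of one sibling merge that inserts Vk with Vk.acl = vi.acl ∩ vj.acl, reproducing the slide's weight change from 12 to 11 when V6[AC] is placed above V2[ACD] and V4[ABCE]. The function names and the initial tree's edges (inferred from the slide's edge weights) are assumptions; the paper's full heuristics and selection criteria are not implemented.

```python
from itertools import combinations

def edge_weight(acl, vi, vj):
    """W(vi, vj) = |vj.acl \\ vi.acl| for a tree edge from parent vi to child vj."""
    if not acl[vi] <= acl[vj]:
        raise ValueError(f"{vi}.acl must be a subset of {vj}.acl")
    return len(acl[vj] - acl[vi])

def tree_weight(acl, parent):
    """Sum of edge weights; `parent` maps each non-root vertex to its parent."""
    return sum(edge_weight(acl, p, c) for c, p in parent.items())

def sibling_candidates(acl, parent):
    """Sibling pairs whose ACL intersection strictly extends their parent's ACL."""
    found = []
    for vi, vj in combinations(sorted(parent), 2):
        common = acl[vi] & acl[vj]
        if parent[vi] == parent[vj] and common > acl[parent[vi]]:
            found.append((vi, vj, "".join(sorted(common))))
    return found

def insert_common_parent(acl, parent, vi, vj, name):
    """Return copies of (acl, parent) with vk.acl = vi.acl & vj.acl above vi and vj."""
    acl, parent = dict(acl), dict(parent)
    common = acl[vi] & acl[vj]
    # Reuse a vertex that already has this ACL (e.g. vi itself when vi.acl is a
    # subset of vj.acl); otherwise add vk under the siblings' current parent.
    vk = next((v for v, a in acl.items() if a == common), None)
    if vk is None:
        vk = name
        acl[vk] = common
        parent[vk] = parent[vi]
    for v in (vi, vj):
        if v != vk:
            parent[v] = vk
    return acl, parent

# Constructed from the slides: vertices as shown, edges inferred from the weights.
ACL = {v: frozenset(users) for v, users in {
    "V0": "", "V1": "A", "V2": "ACD", "V3": "ABD", "V4": "ABCE", "V5": "BCDE"}.items()}
PARENT = {"V1": "V0", "V5": "V0", "V2": "V1", "V3": "V1", "V4": "V1"}

if __name__ == "__main__":
    print("initial weight:", tree_weight(ACL, PARENT))             # 12
    print("candidates:", sibling_candidates(ACL, PARENT))
    acl2, parent2 = insert_common_parent(ACL, PARENT, "V2", "V4", "V6")
    print("after inserting V6[AC]:", tree_weight(acl2, parent2))   # 11
```

Every candidate pair under V1[A] saves the same amount here, because the saving of a merge equals the number of users the inserted vertex adds to the parent's ACL.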
Minimum spanning tree heuristics: Leaves-based heuristics • [Figure: user tree with vertices V0[], V1[A], V2[ACD], V3[ABD], V4[ABCE], V5[BCDE] and inserted vertex V6[BCE] (Case 3); annotations //Siblings and //ancestors; Weight = 12 and Weight = 11]
Minimum spanning tree heuristics //Sibling-based heuristics //Leaves-based heuristics Mixed heuristics
Minimum spanning tree heuristics: Mixed heuristics (cont.) • [Figure: user tree with vertices V0[], V1[A], V2[ACD], V3[ABD], V4[ABCE], V5[BCDE] and inserted vertices V6[BCE] and V6[AC] (Case 3, Case 3); Weight = 12 and Weight = 9]
Experimental results • Experiment environment • Centrino 1.7Mhz CPU • Randomly generated access matrices • Considering different numbers of users and resources in the system • The experiments consist of three steps
Experimental results • Number of times • Sibling-based vs. • Only min preference criterion4) • 4) Criterion: standard, norm
Experimental results • [Figure: plot with series Mixed, Damiani et al. (2006), Leaf-based, Sibling-based]
Conclusions and future work • In this paper, • Addressed the issue by integrating access control and encryption and by exploiting the key derivation method • As a way of minimizing the number of keys distributed to users • Presented three families of heuristics • Sibling-based heuristic • Leaves-based heuristic • Mixed heuristics • Future work • 1. Re-executing the heuristics every time there is a change in the authorizations • 2. Performing a simple adaptation of the tree to reflect the authorization changes, or applying over-encryption solutions