Sciweavers

WPES
2004
ACM

Hidden access control policies with hidden credentials

14 years 5 months ago
Hidden access control policies with hidden credentials
In an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is granted if Alice’s credentials satisfy Bob’s access policy. The literature contains many scenarios in which it is desirable to carry out such trust negotiations in a privacy-preserving manner, i.e., so as minimize the disclosure of credentials and/or of access policies. Elegant solutions were proposed for achieving various degrees of privacy-preservation through minimal disclosure. In this paper, we present an efficient protocol that protects both sensitive credentials and policies. That is, Alice gets the resource only if she satisfies Bob’s policy, Bob does not learn anything about Alice’s credentials (not even whether Alice got access or not), and Alice learns neither Bob’s policy structure nor which credentials caused her to ...
Keith B. Frikken, Mikhail J. Atallah, Jiangtao Li
Added 30 Jun 2010
Updated 30 Jun 2010
Type Conference
Year 2004
Where WPES
Authors Keith B. Frikken, Mikhail J. Atallah, Jiangtao Li
Comments (0)