Adaptive Cryptographic Access Control (eBook)

Foreword 8
Preface 10
Acknowledgements 10
Contents 12
Chapter 1 Introduction 16
1.1 Motivation 16
1.2 What is Autonomic Computing? 17
1.3 From Manually Managed to Adaptive Access Control 18
1.4 Aim of this Monograph 20
1.5 How to read this Monograph 23
Chapter 2 A Presentation of Access Control Methods 25
2.1 Distributed Access Control’s Beginnings 25
2.2 Terminology 26
2.3 General Access Control Models 27
2.3.1 Discretionary Access Control 27
2.3.2 Mandatory Access Control 29
2.3.3 Role-Based Access Control 30
2.3.4 Multilevel Access Control 32
2.3.4.1 The BLP and BIBA models 32
2.3.4.2 The Chinese Wall Model 32
2.3.4.3 The Clark-Wilson (CLW) Model 33
2.4 Cryptographic Access Control 33
2.4.1 Key Management Models 34
2.4.2 One-Way Function Schemes 35
2.4.3 Time-Bound Schemes 42
2.4.4 Other CKM Schemes 43
2.5 Other Access Control Paradigms 44
2.5.1 Overview 44
2.5.2 Cookies 45
2.5.3 XML Access Control and Limitations 46
2.5.4 Anti-Viruses, Intrusion Detection, and Firewalls 48
2.6 Controlling Access to Outsourced Data 50
2.7 Autonomic Access Control 51
2.7.1 The Autonomic Security Model 52
2.7.2 Perspectives and Discussions 53
Chapter 3 Efficient Key Management: Heuristics 55
3.1 Overview 55
3.2 An Overview of the CAT Scheme 56
3.3 Exponent Assignment Algorithm 57
3.3.1 Algorithm 59
3.3.2 Exponent Assignment Example 60
3.4 Enforcing Hierarchy Updates 62
3.4.1 Replacement, Insertion, and Deletion: Algorithm 62
3.4.2 Insertion, Deletion and Replacement: Example 64
3.5 Analysis 66
3.5.1 Security Analysis 66
3.5.2 Complexity Analysis 67
3.6 Experimental Setup and Results 67
3.6.1 Implementation and Experimental Setup 68
3.6.2 Cost of Key Generation 69
3.6.3 Cost of Data Encryption 70
3.6.4 Cost of Key Replacement 71
3.6.5 Window of Vulnerability 71
3.7 Discussions 72
Chapter 4 Timestamped Key Management 74
4.1 On Timestamps and Key Updates 74
4.2 Timestamped Key Assignment 76
4.3 Timestamped Rekey Scheme - Algorithm 78
4.4 Analysis 79
4.4.1 Security Analysis 79
4.4.2 Complexity Analysis 79
4.5 Experimental Setup and Results 80
4.5.1 Implementation and Experimental Setup 80
4.5.2 Timestamped Key Generation - Server Cost 82
4.5.3 Timestamped Rekeying - Server Cost 83
4.5.4 Window of Vulnerability 84
4.6 Discussion 85
Chapter 5 Controlling Access to Outsourced Data 88
5.1 88
5.1.1 Securing Outsourced Data 89
5.1.2 Combining CKM and RBAC 91
5.1.3 Handling Key Updates 93
5.2 Discussion 95
Chapter 6 Self-Protecting Key Management 97
6.1 Overview 97
6.2 Self-Protecting Cryptographic Key Management (SPCKM) Framework 98
6.2.1 Mathematical Model Supporting Framework 100
6.2.2 An Example 104
6.3 Implementation and Experimental Setup 105
6.3.1 Experimental Setup 105
6.3.2 Prototype Description 106
6.3.3 Performance Criteria 107
6.3.4 Experimental Results 108
6.4 Discussions 111
6.4.1 Contributions of the SPCKM Framework 111
6.4.2 Some Challenges in Adaptive Rekeying 113
6.4.3 The Adaptive Rekey Scheduling Problem 114
Chapter 7 Collusion Detection and Resolution 116
7.1 Overview 116
7.2 On Detecting Collusion Possibilities 117
7.2.1 The DCFK problem 118
7.3 An Adaptive Framework for Collusion Detection and Resolution (ACDR) 119
7.3.1 Some Basic Assumptions 120
7.3.2 Collusion Verification 122
7.3.3 Example of Collusion Detection 123
7.3.4 Collusion Resolution Algorithm 124
7.3.5 Example of Collusion Resolution 125
7.4 Experimental Setup and Results 127
7.4.1 Implementation and Experimental Setup 127
7.4.2 Cost of Collusion Detection 127
7.4.3 Cost of Collusion Resolution 128
7.4.4 Cost of Key Generation 129
7.4.5 Cost of Key Generation and Data Encryption 130
7.5 Discussions 130
Chapter 8 Conclusions 132
8.1 Synopsis 132
8.2 Critique 133
8.3 Potential Extensions 136
8.3.1 Internal Violations 136
8.3.2 Adaptive Rekeying 137
8.3.3 Key Selection 138
References 139
Index 146