Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing key hierarchies for access control enforcement: Heuristic approaches Author: Carlo Blundo, Stelvio Cimato, Sabrina De Capitani di Vimercati, Alfredo.

Published byJoshua Heath Modified over 9 years ago

Similar presentations

Presentation on theme: "Managing key hierarchies for access control enforcement: Heuristic approaches Author: Carlo Blundo, Stelvio Cimato, Sabrina De Capitani di Vimercati, Alfredo."— Presentation transcript:

1 Managing key hierarchies for access control enforcement: Heuristic approaches Author: Carlo Blundo, Stelvio Cimato, Sabrina De Capitani di Vimercati, Alfredo De Santis, Sara Foresti, Stefano Paraboschi, Pierangela Samarati Source: Computers & Security, vol.29, 2010, pp. 533-547 Presenter: Tsuei-Hung Sun Date: 2010/7/6

2 2 Outline ﻪIntroduction ﻪMotivation ﻪScheme ﻪAdvantage vs. weakness ﻪConclusion

3 3 Introduction ﻪData outsourcing promises higher availability and more effective disaster protection than in-house operations. ﻪIt need to protect the privacy of the data from the so called honest-but-curious servers.

4 4 Introduction ﻪPrim's algorithm Image source: Prim's algorithm, 清華大學資訊工程所 劉炯朗 教授 http://nthucad.cs.nthu.edu.tw/~yyliu/personal/nou/04ds/prim.html http://nthucad.cs.nthu.edu.tw/~yyliu/personal/nou/04ds/prim.html

5 5 Motivation ﻪExisting approaches do not address the problem of supporting different access authorizations for different users. ﻪEnforcing the authorization policy by heuristic and minimizing the number of keys to be maintained by the system and distributed to users.

6 6 Scheme ﻪ Basic concept Fig. Access matrix Fig. User tree acl(r): access control list of r, users that can access r. Ex. acl(r 2 ) = {A, C} cap(u): capability list of u, resources that u can access. Ex. cap(C) = {r 2, r 4, r 6 } v.acl: set of users represented by vertex v. v.key: key associated with v.

7 7 Scheme ﻪInteger Linear Programming (ILP) minimum user tree Fig. General minimum weight user tree Fig. ILP minimum weight user tree

8 8 Scheme ﻪILP minimum user tree problem is formulated as follows

9 9 Scheme ﻪThree families of heuristics ﻩsibling-based (S) ﻩleaf-based (L) ﻩmixed (M) ﻪThree preference criteria ﻩrnd: at random. ﻩmax: |v i.acl| + |v j.acl| is maximum, ties are broken randomly. ﻩmin: |v i.acl| + |v j.acl| is minimum, ties are broken randomly.

10 10 Sibling-based heuristic

11 11 Sibling-based heuristic

12 12 Leaves-based heuristic

13 13 Leaves-based heuristic

14 14 Mixed heuristics

15 15 Experimental result ﻪCompare three heuristics with Damiani ’ s approach. Fig. sibling-based heuristic with different preference criteria.

16 16 Experimental result ﻪCompare three heuristics adopting the min preference criterion with Damiani ’ s approach. Fig. Percentage of times each heuristic returns a solution at distance d from the lowest weight solution computed.

17 17 Advantage vs. weakness ﻪAdvantage ﻩThree families of heuristics preference better than Damiani ’ s heuristics. ﻩInteger linear programming formulation of the minimization problem. ﻪWeakness ﻩExecution time of the mixed heuristic is higher than the time requested by the other heuristics. ﻩHigh variability of the time necessary to solve the ILP problem.

18 18 Conclusion ﻪProtect the resource confidentiality from both unauthorized users and ‘‘ honest-but-curious ’’ servers. ﻪMost of the existing efforts focus on the techniques for the evaluation of queries on encrypted outsourced data. ﻪIntegrating access control and encryption and by exploiting key derivation methods as a way for minimizing the number of keys distributed to users.

19 19 References ﻪPrim's algorithm http://en.wikipedia.org/wiki/Prim%27s_algorithm (2010/7/7)http://en.wikipedia.org/wiki/Prim%27s_algorithm ﻪ 普林演算法 (Prim's algorithm) http://nthucad.cs.nthu.edu.tw/~yyliu/personal/nou/04ds/prim.html (2010/7/8) http://nthucad.cs.nthu.edu.tw/~yyliu/personal/nou/04ds/prim.html ﻪGraph (mathematics) http://en.wikipedia.org/wiki/Undirected_graph (2010/7/7)http://en.wikipedia.org/wiki/Undirected_graph ﻪMinimum spanning tree http://en.wikipedia.org/wiki/Minimum_spanning_tree (2010/7/7)http://en.wikipedia.org/wiki/Minimum_spanning_tree ﻪRegular graph http://en.wikipedia.org/wiki/Regular_graph (2010/7/8)http://en.wikipedia.org/wiki/Regular_graph ﻪGraph factorization http://en.wikipedia.org/wiki/Graph_factorization (2010/7/8)http://en.wikipedia.org/wiki/Graph_factorization ﻪDirected acyclic graph http://en.wikipedia.org/wiki/Directed_acyclic_graph (2010/7/8)http://en.wikipedia.org/wiki/Directed_acyclic_graph ﻪLinear programming http://en.wikipedia.org/wiki/Linear_programming (2010/7/9)http://en.wikipedia.org/wiki/Linear_programming

20 Thank you

21 21 Appendix ﻪPrim's algorithm: an algorithm that finds a minimum spanning tree for a connected weighted undirected graph. ﻪDirected (asymmetric): there is an edge from person A to person B when person A knows of person B. A→B ﻪUndirected (symmetric): there is an edge between two people if they shake hands, because if person A shook hands with person B, then person B also shook hands with person A. A B ﻪRegular graph: a regular graph is a graph without loops and multiple edges where each vertex has the same number of neighbors. ﻪDirected acyclic graph (DAG): directed graph with no directed cycles. ﻪDirected cycle graph: directed version of a cycle graph, with all the edges being oriented in the same direction. ﻪLinear programming: a mathematical method for determining a way to achieve the best outcome (such as maximum profit or lowest cost) in a given mathematical model for some list of requirements represented as linear equations.

22 22 符號解釋 ﻪU: user R: resource ﻪA: access matrix, row (u), column (r), A[u, r] is equal to 1 or 0. ﻪPairs : authorization policy, meaning that user u can access resource r. ﻪT: user graph G U in a user tree. ﻪM: a set of all vertices, called material vertices. (vertices whose keys are used for encrypting resources) ﻪkey_ring T (u): containing all the keys necessary to derive the keys of all vertices v.

23 23 ﻪallows owners to encrypt data, [according to an encryption policy regulated by authorizations, outsource the data to the external servers,] and distribute to users the needed encryption keys. ﻪ 資料的擁有者就不用再去維持控制資料 的儲存與存取。

24 24 Target ﻪDetermining a minimum user tree and minimizing the number of keys in users ’ key rings. ﻪTo solving this problem, solutions for the efficient management of an encryption policy enforcing access control, with the goal of minimizing the number of keys to be maintained by the system and distributed to users

Download ppt "Managing key hierarchies for access control enforcement: Heuristic approaches Author: Carlo Blundo, Stelvio Cimato, Sabrina De Capitani di Vimercati, Alfredo."

Similar presentations

an incremental version of A*

an incremental version of A*
Greed is good. (Some of the time)

Greed is good. (Some of the time)
Bidding Protocols for Deploying Mobile Sensors Reporter: Po-Chung Shih Computer Science and Information Engineering Department Fu-Jen Catholic University.

Bidding Protocols for Deploying Mobile Sensors Reporter: Po-Chung Shih Computer Science and Information Engineering Department Fu-Jen Catholic University.
1 Abdeslame ALILAOUAR, Florence SEDES Fuzzy Querying of XML Documents The minimum spanning tree IRIT - CNRS IRIT : IRIT : Research Institute for Computer.

1 Abdeslame ALILAOUAR, Florence SEDES Fuzzy Querying of XML Documents The minimum spanning tree IRIT - CNRS IRIT : IRIT : Research Institute for Computer.
Chapter 4 The Greedy Approach. Minimum Spanning Tree A tree is an acyclic, connected, undirected graph. A spanning tree for a given graph G=, where E.

Chapter 4 The Greedy Approach. Minimum Spanning Tree A tree is an acyclic, connected, undirected graph. A spanning tree for a given graph G=, where E.
Graphs Graphs are the most general data structures we will study in this course. A graph is a more general version of connected nodes than the tree. Both.

Graphs Graphs are the most general data structures we will study in this course. A graph is a more general version of connected nodes than the tree. Both.
Graph Algorithms: Minimum Spanning Tree 1 2 3 4 6 5 10 1 5 4 3 2 6 1 1 8 We are given a weighted, undirected graph G = (V, E), with weight function w:

Graph Algorithms: Minimum Spanning Tree We are given a weighted, undirected graph G = (V, E), with weight function w:
1 Algorithms for Large Data Sets Ziv Bar-Yossef Lecture 8 May 4, 2005

1 Algorithms for Large Data Sets Ziv Bar-Yossef Lecture 8 May 4, 2005
On the Construction of Energy- Efficient Broadcast Tree with Hitch-hiking in Wireless Networks Source: 2004 International Performance Computing and Communications.

On the Construction of Energy- Efficient Broadcast Tree with Hitch-hiking in Wireless Networks Source: 2004 International Performance Computing and Communications.
Lecture 16 CSE 331 Oct 9, 2009. Announcements Hand in your HW4 Solutions to HW4 next week Remember next week I will not be here so.

Lecture 16 CSE 331 Oct 9, Announcements Hand in your HW4 Solutions to HW4 next week Remember next week I will not be here so.
1 高等演算法 Homework One 暨南大學資訊工程學系 黃光璿 2004/11/11. 2 Problem 1.

1 高等演算法 Homework One 暨南大學資訊工程學系 黃光璿 2004/11/11. 2 Problem 1.
Two Discrete Optimization Problems Problem #2: The Minimum Cost Spanning Tree Problem.

Two Discrete Optimization Problems Problem #2: The Minimum Cost Spanning Tree Problem.
Research interest: Secure database outsourcing Presented by Alla Lanovenko Thesis Adviser: Professor Huiping Guo 599 A 11 December 2006.

Research interest: Secure database outsourcing Presented by Alla Lanovenko Thesis Adviser: Professor Huiping Guo 599 A 11 December 2006.
Nirmalya Roy School of Electrical Engineering and Computer Science Washington State University Cpt S 223 – Advanced Data Structures Graph Algorithms: Minimum.

Nirmalya Roy School of Electrical Engineering and Computer Science Washington State University Cpt S 223 – Advanced Data Structures Graph Algorithms: Minimum.
Design of double- and triple-sampling X-bar control charts using genetic algorithms 指導教授: 童超塵 作者: D. HE, A. GRIGORYAN and M. SIGH 主講人:張怡笳.

Design of double- and triple-sampling X-bar control charts using genetic algorithms 指導教授: 童超塵 作者: D. HE, A. GRIGORYAN and M. SIGH 主講人:張怡笳.
1 Quantum query complexity of some graph problems C. DürrUniv. Paris-Sud M. HeiligmanNational Security Agency P. HøyerUniv. of Calgary M. MhallaInstitut.

1 Quantum query complexity of some graph problems C. DürrUniv. Paris-Sud M. HeiligmanNational Security Agency P. HøyerUniv. of Calgary M. MhallaInstitut.
1 Graph Embedding (GE) & Marginal Fisher Analysis (MFA) 吳沛勳 劉冠成 韓仁智

1 Graph Embedding (GE) & Marginal Fisher Analysis (MFA) 吳沛勳 劉冠成 韓仁智
Network Aware Resource Allocation in Distributed Clouds.

Network Aware Resource Allocation in Distributed Clouds.
Software Pipelining for Stream Programs on Resource Constrained Multi-core Architectures IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEM 2012 Authors:

Software Pipelining for Stream Programs on Resource Constrained Multi-core Architectures IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEM 2012 Authors:
1 Converting Categories to Numbers for Approximate Nearest Neighbor Search 嘉義大學資工系 郭煌政 2004/10/20.

1 Converting Categories to Numbers for Approximate Nearest Neighbor Search 嘉義大學資工系 郭煌政 2004/10/20.

Similar presentations

Ads by Google