Extending Expressive Access Policies with Privacy Features

Stefan More; Sebastian Ramacher; Lukas Alber; Marco Herzl

doi:10.1109/TrustCom56396.2022.00084

Extending Expressive Access Policies with Privacy Features

Stefan More, Sebastian Ramacher, Lukas Alber, Marco Herzl

Security & Communication Technologies

Graz University of Technology

Publikation: Beitrag in Buch oder Tagungsband › Vortrag mit Beitrag in Tagungsband › Begutachtung

Abstract

Authentication, authorization, and trust verification are central parts of an access control system. The conditions for granting access in such a system are collected in access policies. Since access conditions are often complex, dedicated languages – policy languages – for defining policies are in use.
However, current policy languages are unable to express such conditions having privacy of users in mind. With privacy-preserving technologies, users are enabled to prove information to the access system without revealing it.
In this work, we present a generic design for supporting privacy-preserving technologies in policy languages. Our design prevents unnecessary disclosure of sensitive information while still allowing the formulation of expressive rules for access control. For that we make use of zero-knowledge proofs (NIZKs). We demonstrate
our design by applying it to the TPL policy language, while using SNARKs. Also, we evaluate the resulting ZK-TPL language and its associated toolchain. Our evaluation shows that for regular-sized credentials communication and verification overhead is negligible.

Originalsprache	Englisch
Titel	2022 IEEE 21th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Seiten	1-9
ISBN (elektronisch)	978-1-6654-9425-0
DOIs	https://doi.org/10.1109/TrustCom56396.2022.00084
Publikationsstatus	Veröffentlicht - 2022
Veranstaltung	2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) - Dauer: 9 Dez. 2022 → 11 Dez. 2022

Konferenz

Konferenz	2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Zeitraum	9/12/22 → 11/12/22

Research Field

Cyber Security

Zugriff auf Dokument

10.1109/TrustCom56396.2022.00084

Diese Publikation zitieren

@inproceedings{b849bec146e3474c81d09d8e97ab8a77,

title = "Extending Expressive Access Policies with Privacy Features",

abstract = "Authentication, authorization, and trust verification are central parts of an access control system. The conditions for granting access in such a system are collected in access policies. Since access conditions are often complex, dedicated languages – policy languages – for defining policies are in use.However, current policy languages are unable to express such conditions having privacy of users in mind. With privacy-preserving technologies, users are enabled to prove information to the access system without revealing it.In this work, we present a generic design for supporting privacy-preserving technologies in policy languages. Our design prevents unnecessary disclosure of sensitive information while still allowing the formulation of expressive rules for access control. For that we make use of zero-knowledge proofs (NIZKs). We demonstrateour design by applying it to the TPL policy language, while using SNARKs. Also, we evaluate the resulting ZK-TPL language and its associated toolchain. Our evaluation shows that for regular-sized credentials communication and verification overhead is negligible.",

author = "Stefan More and Sebastian Ramacher and Lukas Alber and Marco Herzl",

year = "2022",

doi = "10.1109/TrustCom56396.2022.00084",

language = "English",

isbn = "978-1-6654-9426-7",

pages = "1--9",

booktitle = "2022 IEEE 21th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)",

note = "2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) ; Conference date: 09-12-2022 Through 11-12-2022",

}

More, S, Ramacher, S, Alber, L & Herzl, M 2022, Extending Expressive Access Policies with Privacy Features. in 2022 IEEE 21th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) . S. 1-9, 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 9/12/22. https://doi.org/10.1109/TrustCom56396.2022.00084

TY - GEN

T1 - Extending Expressive Access Policies with Privacy Features

AU - More, Stefan

AU - Ramacher, Sebastian

AU - Alber, Lukas

AU - Herzl, Marco

PY - 2022

Y1 - 2022

N2 - Authentication, authorization, and trust verification are central parts of an access control system. The conditions for granting access in such a system are collected in access policies. Since access conditions are often complex, dedicated languages – policy languages – for defining policies are in use.However, current policy languages are unable to express such conditions having privacy of users in mind. With privacy-preserving technologies, users are enabled to prove information to the access system without revealing it.In this work, we present a generic design for supporting privacy-preserving technologies in policy languages. Our design prevents unnecessary disclosure of sensitive information while still allowing the formulation of expressive rules for access control. For that we make use of zero-knowledge proofs (NIZKs). We demonstrateour design by applying it to the TPL policy language, while using SNARKs. Also, we evaluate the resulting ZK-TPL language and its associated toolchain. Our evaluation shows that for regular-sized credentials communication and verification overhead is negligible.

AB - Authentication, authorization, and trust verification are central parts of an access control system. The conditions for granting access in such a system are collected in access policies. Since access conditions are often complex, dedicated languages – policy languages – for defining policies are in use.However, current policy languages are unable to express such conditions having privacy of users in mind. With privacy-preserving technologies, users are enabled to prove information to the access system without revealing it.In this work, we present a generic design for supporting privacy-preserving technologies in policy languages. Our design prevents unnecessary disclosure of sensitive information while still allowing the formulation of expressive rules for access control. For that we make use of zero-knowledge proofs (NIZKs). We demonstrateour design by applying it to the TPL policy language, while using SNARKs. Also, we evaluate the resulting ZK-TPL language and its associated toolchain. Our evaluation shows that for regular-sized credentials communication and verification overhead is negligible.

U2 - 10.1109/TrustCom56396.2022.00084

DO - 10.1109/TrustCom56396.2022.00084

M3 - Conference Proceedings with Oral Presentation

SN - 978-1-6654-9426-7

SP - 1

EP - 9

BT - 2022 IEEE 21th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

T2 - 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

Y2 - 9 December 2022 through 11 December 2022

ER -

Extending Expressive Access Policies with Privacy Features

Abstract

Konferenz

Research Field

Zugriff auf Dokument

Fingerprint

Diese Publikation zitieren