Extending Expressive Access Policies with Privacy Features

Stefan More, Sebastian Ramacher, Lukas Alber, Marco Herzl

Publikation: Beitrag in Buch oder TagungsbandVortrag mit Beitrag in TagungsbandBegutachtung

Abstract

Authentication, authorization, and trust verification are central parts of an access control system. The conditions for granting access in such a system are collected in access policies. Since access conditions are often complex, dedicated languages – policy languages – for defining policies are in use.
However, current policy languages are unable to express such conditions having privacy of users in mind. With privacy-preserving technologies, users are enabled to prove information to the access system without revealing it.
In this work, we present a generic design for supporting privacy-preserving technologies in policy languages. Our design prevents unnecessary disclosure of sensitive information while still allowing the formulation of expressive rules for access control. For that we make use of zero-knowledge proofs (NIZKs). We demonstrate
our design by applying it to the TPL policy language, while using SNARKs. Also, we evaluate the resulting ZK-TPL language and its associated toolchain. Our evaluation shows that for regular-sized credentials communication and verification overhead is negligible.
OriginalspracheEnglisch
Titel2022 IEEE 21th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Seiten1-9
ISBN (elektronisch)978-1-6654-9425-0
DOIs
PublikationsstatusVeröffentlicht - 2022
Veranstaltung2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) -
Dauer: 9 Dez. 202211 Dez. 2022

Konferenz

Konferenz2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Zeitraum9/12/2211/12/22

Research Field

  • Cyber Security

Fingerprint

Untersuchen Sie die Forschungsthemen von „Extending Expressive Access Policies with Privacy Features“. Zusammen bilden sie einen einzigartigen Fingerprint.

Diese Publikation zitieren