Managing key hierarchies for access control enforcement: Heuristic approaches
Author: Carlo Blundo, Stelvio Cimato, Sabrina De Capitani di Vimercati, Alfredo De Santis, Sara Foresti, Stefano Paraboschi, Pierangela Samarati
Source: Computers & Security, vol.29, 2010, pp. 533-547
Presenter: Tsuei-Hung Sun
Date: 2010/7/6
Outline
• Introduction
• Motivation
• Scheme
• Advantage vs. weakness
• Conclusion
Introduction
• Data outsourcing promises higher availability and more effective disaster protection than in-house operations.
• The privacy of the data needs to be protected from so-called honest-but-curious servers.
Introduction
• Prim's algorithm
Image source: Prim's algorithm, Prof. 劉炯朗, Graduate Institute of Computer Science, National Tsing Hua University http://nthucad.cs.nthu.edu.tw/~yyliu/personal/nou/04ds/prim.html
Motivation
• Existing approaches do not address the problem of supporting different access authorizations for different users.
• Enforce the authorization policy with heuristics while minimizing the number of keys to be maintained by the system and distributed to users.
Scheme
• Basic concept
Fig. Access matrix
Fig. User tree
  ◦ acl(r): access control list of r, the users that can access r. Ex. acl(r2) = {A, C}
  ◦ cap(u): capability list of u, the resources that u can access. Ex. cap(C) = {r2, r4, r6}
  ◦ v.acl: set of users represented by vertex v.
  ◦ v.key: key associated with v.
Scheme
• Integer Linear Programming (ILP) minimum user tree
Fig. General minimum weight user tree
Fig. ILP minimum weight user tree
Scheme
• ILP minimum user tree problem is formulated as follows
Scheme
• Three families of heuristics
  ◦ sibling-based (S)
  ◦ leaf-based (L)
  ◦ mixed (M)
• Three preference criteria
  ◦ rnd: at random.
  ◦ max: |vi.acl| + |vj.acl| is maximum, ties are broken randomly.
  ◦ min: |vi.acl| + |vj.acl| is minimum, ties are broken randomly.
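The notation from the "Basic concept" slide and the three preference criteria, as an added example that is not taken from the slides or the paper. The access matrix is constructed (only acl(r2) = {A, C} and cap(C) = {r2, r4, r6} come from the slides), and treating any two vertices whose acls share a user as a candidate pair is an assumption, since the slides do not say how each heuristic family forms its candidates.

```python
import random
from itertools import combinations

# Constructed access matrix, stored as capability lists cap(u).
# Only cap(C) and acl(r2) match the slides; every other entry is made up.
CAP = {
    "A": {"r1", "r2", "r3"},
    "B": {"r3", "r5"},
    "C": {"r2", "r4", "r6"},
    "D": {"r4", "r5", "r6"},
}

def acl_of(cap):
    """Invert capability lists: acl(r) = {u : r in cap(u)}."""
    acl = {}
    for user, resources in cap.items():
        for r in resources:
            acl.setdefault(r, set()).add(user)
    return acl

def vertices(acl):
    """One vertex per distinct acl (v.acl); resources with equal acls share it."""
    return sorted({frozenset(users) for users in acl.values()}, key=sorted)

def candidate_pairs(vs):
    """Assumption: (vi, vj) is a candidate when vi.acl and vj.acl share a user."""
    return [(vi, vj) for vi, vj in combinations(vs, 2) if vi & vj]

def choose_pair(pairs, criterion, rng=random):
    """Apply the rnd / max / min preference criterion; ties are broken at random."""
    if criterion == "rnd":
        return rng.choice(pairs)
    if criterion not in ("max", "min"):
        raise ValueError(f"unknown criterion: {criterion}")
    weight = lambda p: len(p[0]) + len(p[1])  # |vi.acl| + |vj.acl|
    weights = [weight(p) for p in pairs]
    target = max(weights) if criterion == "max" else min(weights)
    return rng.choice([p for p in pairs if weight(p) == target])

if __name__ == "__main__":
    pairs = candidate_pairs(vertices(acl_of(CAP)))
    for criterion in ("rnd", "max", "min"):
        vi, vj = choose_pair(pairs, criterion, random.Random(0))
        print(criterion, sorted(vi), sorted(vj))
```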
Sibling-based heuristic
Sibling-based heuristic
Leaves-based heuristic
Leaves-based heuristic
Mixed heuristics
Experimental result
• Compare three heuristics with Damiani’s approach.
Fig. Sibling-based heuristic with different preference criteria.
Experimental result
• Compare three heuristics adopting the min preference criterion with Damiani’s approach.
Fig. Percentage of times each heuristic returns a solution at distance d from the lowest weight solution computed.
Advantage vs. weakness
• Advantage
  ◦ The three families of heuristics perform better than Damiani’s heuristics.
  ◦ Integer linear programming formulation of the minimization problem.
• Weakness
  ◦ Execution time of the mixed heuristic is higher than the time required by the other heuristics.
  ◦ High variability of the time necessary to solve the ILP problem.
Conclusion
• Protect the resource confidentiality from both unauthorized users and "honest-but-curious" servers.
• Most of the existing efforts focus on the techniques for the evaluation of queries on encrypted outsourced data.
• Integrate access control and encryption, exploiting key derivation methods as a way of minimizing the number of keys distributed to users.
References
• Prim's algorithm http://en.wikipedia.org/wiki/Prim%27s_algorithm (2010/7/7)
• Prim's algorithm (in Chinese) http://nthucad.cs.nthu.edu.tw/~yyliu/personal/nou/04ds/prim.html (2010/7/8)
• Graph (mathematics) http://en.wikipedia.org/wiki/Undirected_graph (2010/7/7)
• Minimum spanning tree http://en.wikipedia.org/wiki/Minimum_spanning_tree (2010/7/7)
• Regular graph http://en.wikipedia.org/wiki/Regular_graph (2010/7/8)
• Graph factorization http://en.wikipedia.org/wiki/Graph_factorization (2010/7/8)
• Directed acyclic graph http://en.wikipedia.org/wiki/Directed_acyclic_graph (2010/7/8)
• Linear programming http://en.wikipedia.org/wiki/Linear_programming (2010/7/9)
Thank you