2017 | Book

Trusted Computing and Information Security

11th Chinese Conference, CTCIS 2017, Changsha, China, September 14-17, 2017, Proceedings

Edited by: Ming Xu, Zheng Qin, Fei Yan, Shaojing Fu

Publisher: Springer Singapore

Book series: Communications in Computer and Information Science


About this book

This book constitutes the refereed proceedings of the 11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017, held in Changsha, China, in September 2017.

The 28 revised full papers presented were carefully reviewed and selected from 96 submissions. The papers focus on topics such as theory of trusted computing, trustworthy software; infrastructure of trusted computing, application and evaluation of trusted computing; network security and communication security; theory and technology of cryptographic techniques; information content security; system security for mobile network and IoT systems, industrial control and embedded systems; security for Cloud computing, virtualization systems and big data.

Table of contents

Frontmatter
Homology Analysis Method of Worms Based on Attack and Propagation Features
Abstract
Internet worms pose a serious threat to Internet security. To avoid security detection and adapt to diverse target environments, attackers often modify existing worm code to obtain variants of the original worm. Therefore, it is of practical significance to determine the cognate relationship between worms quickly and accurately. By extracting the semantic structure, attack behavior and propagation behavior of the worm, the worm feature set is generated, and the worm sensitive behavior library is built with the idea of association analysis. On this basis, combined with random forest and a sensitive behavior matching algorithm, the homology relationship between worms is determined. The experimental results show that the proposed method can fully guarantee the time performance of the algorithm and, moreover, further improve the accuracy of the results of the homology analysis of worms.
Liyan Wang, Jingfeng Xue, Yan Cui, Yong Wang, Chun Shan
Modeling and Analysis of Information Propagation Model of Online/Offline Network Based on Coupled Network
Abstract
Currently, more and more scholars believe that most networks are not isolated, but interact with each other. The Internet-based social network (online network) and the physical contact network (offline network) form a coupled network whose layers interact with each other. People have an online virtual identity and an offline social identity. In this paper, the double SIR information spreading model with unilateral effect is constructed according to the characteristics of online and offline information dissemination. Two typical types of coupled networks, the BA_BA network and the WS_WS network, are used for simulation. The experimental results show that online information propagation can inhibit the scope of offline propagation. This inhibition is slightly weaker for the BA_BA network in which the inter degree-degree correlation (IDDC) is positive. At the same time, it is found that increasing the interlayer influence rate can enhance the synchronization of online and offline information transmission and thereby effectively promote online/offline information propagation.
Wanting Qin, Tongrang Fan
A Signature-Sharing Based Auditing Scheme with Data Deduplication in Cloud Storage
Abstract
With the rapid development of cloud computing, more and more individuals and enterprises tend to store their massive data in the cloud to reduce the expenses of data maintenance and achieve more convenient access. As the cloud service provider is not fully trusted, accidents involving software or hardware in cloud servers may damage the users’ data, which might be covered up deliberately by the cloud servers to protect their reputation. What’s worse, the cloud servers may also maliciously discard rarely accessed data to save storage space. Data auditing can detect and restrict the malicious behaviors of the cloud servers in a timely manner, and therefore it can improve the quality of cloud service. Meanwhile, a large amount of data is stored in the cloud repeatedly; the data deduplication technique lets the cloud keep only one physical copy of the same data, thereby eliminating redundant data and achieving efficient storage. To achieve auditing with data deduplication, the existing schemes need different users to sign the same data, which consumes a large amount of the users’ computing resources and is especially difficult to accomplish on client-side portable devices with poor computing power. Based on the public verifiability and batch auditing of the POR, we propose a signature-sharing based scheme: for the same data, only the first user needs to sign it and share the signature with subsequent users for data auditing. This can effectively reduce the users’ signature computation burden and consequently achieves both data integrity and storage efficiency.
Liang Wang, Baocang Wang, Shuquan Ma
A Trusted VM Live Migration Protocol in IaaS
Abstract
Trusted computing is an important means for the security of the IaaS platform. One of the key problems is how to migrate a virtual machine (VM) from one host to another in a trusted manner. To solve it, the lifecycle of a VM, the trusted proof of a VM and other notions are presented in this paper. Moreover, the paper proposes a Trusted Virtual Machine Migration Protocol (TVMMP), which can guarantee the coherence and continuity of trusted status during VM migration and provide security support for trusted migration of VMs in the IaaS platform. Through security analysis and comparison, it can be proved that the protocol is suitable for a trusted computing cloud platform.
Xinfeng He, Junfeng Tian
Double-Layered Predictor for High-Fidelity Reversible Data Hiding
Abstract
High-fidelity reversible data hiding aims to reduce the embedding distortion as far as possible, especially when the embedding capacity is low. To improve the embedding performance, a novel high-fidelity reversible data hiding method based on a double-layered predictor is proposed. At first, the cover image is divided into two sets. One set is used to predict the pixels in the other set according to the rhombus prediction method. Then, the prediction errors are used to embed data using the pixel value ordering method. At last, the marked pixels in the first set are used to implement the process of embedding in the other set. To the best of our knowledge, the proposed predictor is the first double-layered predictor in the field of reversible data hiding. Extensive experiments demonstrate that the proposed method can significantly improve the embedding performance of the existing high-fidelity reversible data hiding methods, especially for relatively smooth images.
Fuqiang Di, Junyi Duan, Jia Liu, Guangwei Su, Yingnan Zhang
A New FPGA PUF Based on Transition Probability Delay Measurement
Abstract
By extracting the physical random differences produced in the manufacturing process on chip itself, a unique identification of any FPGA could be obtained with certain excitation, which has brought new opportunities to research and development of key generation and storage. Based on the transition probability method to measure the delay of LUT, this paper proposes a new PUF (Physical Unclonable Function) scheme. By choosing the LUT under measurement intentionally, such as 2D barcode, it realizes the multi-dimensional information utilization. An overlapping route comparison method is adopted in this scheme to measure the delay of a single LUT with high accuracy and low resource consumption, which has been significantly optimized compared to previous work in accuracy, granularity and resource consumption.
Zhenyu Guan, Yuyao Qin, Junming Liu
A New Service Selection Method Based on Service Depository Relevance
Abstract
In view of the current service selection method, the service attribute of the service requester itself and the service selection method based on collaborative filtering are not considered. The paper will combine the filtering technology with the trust measurement method. According to the service requestor’s personality attribute characteristics of the service selection process, the introduction of the user (service requestor) relevance, and calculate the recommended credibility, the use of analytic hierarchy process to determine the weight of the service reputation value. A Trusted Service Selection Model Based on Collaborative Filtering. The simulation results show that the proposed method can effectively avoid the malicious attacks of service providers and improve the efficiency of service selection.
WeiJin Jiang, YuHui Xu
Real-Time Trusted Computing Technology for Xenomai
Abstract
With the development of science and technology, embedded systems play an indispensable part in our daily life. The real-time operating system (RTOS) is the critical part of them. To meet the stringent response time requirements, Xenomai was developed as a software framework adding real-time capabilities to the mainline Linux kernel. On the other hand, the security of RTOS is a rising issue for computer industrial development, as RTOS used to be considered safer than other systems. Therefore, the trusted platform module (TPM) is proposed to ensure security from a hardware perspective. In this work, we built a trusted real-time platform based on a dual kernel architecture. It comprises a host OS and a guest OS, which are implemented by a trusted virtualization platform (TVP) and Xenomai respectively. In the platform, the TVP was based on SW-TPM. Then some tests were carried out to verify the performance of the system that we built. The result shows that, compared with the original Linux kernel, the average rate of time saving by our platform is 49.52%. The TPM commands executed in the present system are faster than those run as a binary file in the SW-TPM alone.
Mingdi Xu, Xueyuan Gao, Yang Gao, Fan Zhang
Cryptanalysis of Rijndael-192/224 in Single Key Setting
Abstract
Rijndael was the finalist of Advanced Encryption Standard (AES) competition and Rijndael-128 with the 128-bit block size was selected as the standard. In this paper, we concentrate on the security of large-block Rijndael under impossible differential attack. First, the differential properties of S-box and MixColumn in Rijndael were analyzed to construct a 6-round impossible differential distinguisher of Rijndael-192. Based on the new distinguisher, the first impossible differential attack on 9-round Rijndael-192 was proposed. Then the flaws in the impossible differential attack on 10-round Rijndael-224 introduced by Minier in 2016 were presented. And a new impossible differential attack on 10-round Rijndael-224 was introduced in this paper. Finally, the optimal techniques such as: early abort technique, quick sort algorithm and time-memory tradeoff strategy could be used to improve the security of Rijndael-160 and Rijndael-256 under the impossible differential attack.
Jingyi Cui, Jiansheng Guo, Yipeng Liu
Exception Detection of Data Stream Based on Improved Maximal Frequent Itemsets Mining
Abstract
The security of data streams attracts more attention in daily life. The huge number of data streams makes it impossible to detect their exceptions, while the maximal frequent itemsets (MFIs) can perfectly represent a data stream and are fewer in number; therefore, the time cost and memory usage are much more efficient. This paper proposes DMFI to detect the exceptions of data streams; an improved method called MRMFI and a pattern matching method called IM-Sunday are included in DMFI. MRMFI mines the MFIs from the data stream and uses two matrices to store the information; the frequent multiple-itemsets are generated by the extension of frequent 2-itemsets. Then, the exceptions are detected by using the IM-Sunday algorithm to match the patterns in MFIs. Some experimental studies are conducted based on the proposed method, and the results show that the MRMFI method can mine MFIs in less time and DMFI can efficiently detect the exceptions of data streams.
Saihua Cai, Ruizhi Sun, Chunming Cheng, Gang Wu
A Dictionary Sequence Model to Analyze the Security of Protocol Implementations at the Source Code Level
Abstract
It is one of most important parts in the field of information security to set up models for the security analysis of cryptographic protocols, especially for the security analysis of cryptographic protocol implementations at the source code level. On the base of the dictionary sequence, a model is set up in this paper, aimed at the security analysis of cryptographic protocol implementations at the source code level. It is a new way to evaluate whether protocols are secure or not through the change of the sequences of function returning values in the process of the implementation at the source code level. Based on the new model, an experiment is carried out. It is shown in the experiment that our new model has advantage over previous models. Our new model will be helpful for designing and evaluating cryptographic protocol implementations at the source code level.
Fu-Sheng Wu, Huan-Guo Zhang
The Analysis of Malicious Group Based on Suspicious Communication Behavior Aggregation
Abstract
Evasive and persistent network attack is a kind of serious cyber security threat, which hides communication data in massive legitimate network traffic to avoid detection and to achieve long-term latency and information theft. Trojans, spyware, botnets and some APTs can be classified as such attacks. To cope with this, this paper proposes an analysis approach for malicious groups based on suspicious communication behavior aggregation. Firstly, the evasive and persistent characteristics of the communication behaviors were studied, several features were extracted from the perspective of these characteristics, and the suspicious communication behavior detection model was built based on this. Furthermore, to determine the nature and purpose of such suspicious behaviors, they are further studied by aggregation analysis from the perspective of communication behavior similarity; a behavior group discovery algorithm was presented based on a density clustering method, and a framework was proposed for tracking and analyzing the behavior groups. Experimental results demonstrate that this approach can detect and uncover unknown attacks and unknown malware, such as botnets, slow scanning, persistent service probes etc. Besides, it was also found that some normal services show similar communication characteristics, such as the NTP service, the DHCP service etc.
Guolin Shao, Xingshu Chen, Xuemei Zeng, Xueyuan Yin, Xiaoming Ye, Yonggang Luo
Analysis of Vulnerability Correlation Based on Data Fitting
Abstract
Discovering the correlation between vulnerabilities is a significant method of vulnerability analysis. The traditional way focuses on a single vulnerability rather than considering the relationship between several vulnerabilities. That may take much time but achieve a poor effect. This paper presents a new method working on vulnerability distribution data. This method applies the logarithmic normal distribution to the distribution data of different categories of vulnerability to calculate their correlation coefficient. Then, the correlativity between different vulnerability classifications can be qualitatively determined. The experiment was performed on two vulnerability databases, namely CNNVD and SecurityFocus. The correlativity of different vulnerability classifications obtained by the proposed method is verified in both quantitative and qualitative ways. The results highlight the effectiveness of the proposed method.
Long Wang, Rui Ma, HaoRan Gao, XiaJing Wang, ChangZhen Hu
Tracking the Mobile Jammer in Wireless Sensor Network by Using Meanshift Based Method
Abstract
Due to the openness of the wireless transmission medium, wireless communications can be vulnerable to malicious jamming attackers. Such Denial-of-Service (DOS) attacks can cause serious influence on the network performance of Wireless Sensor Networks (WSN). To address this issue, the jammer localization methods are widely researched. However, the localization methods focus on the static jammer. The realtime requirements will make these localization methods disabled when the jammer is mobile. Moreover, in WSN, the mobile jammer tracking method must be lightweight enough to bring less additional computation and communication overhead onto the sensor nodes. Therefore, a lightweight Meanshift based jammer tracking method which is independent of the wireless propagation parameters is proposed in this paper. The method uses the positions of nodes as basis and weights the “mass” of each node through the node state. Then, it tracks the jammer by searching the area with highest jamming density. We simulate a series of experiments in Matlab. The experimental results suggest that our proposed method is effective, and it can achieve the acceptable accuracy with less additional overhead when it is used to track the jammer source.
Liang Pang, Pengze Guo, Zhi Xue, Xiao Chen
New Upper Bounds on Degrees of Freedom for G-MIMO Relay Channel
Abstract
We study a general type of multiple-input multiple-output (G-MIMO) relay channels, which consist of two groups (A and B) of source nodes and one relay node. Both groups have arbitrarily many source nodes each of which is in turn equipped with an arbitrary number of antennas. A G-MIMO relay channel engages in two-way transmission of independent information via the relay node. We obtain a tight upper bound on the total degrees of freedom (DoF) for such G-MIMO relay channels. Under the reasonable assumption that the number of antennas at the relay node is no more than the total number of antennas of either Group A or Group B, we design an efficient transmission scheme to achieve the upper bound by using techniques of signal alignment and joint transceiver design for interference cancellation. At the end of the paper, we propose a future research topic to quantify the relationship between graded levels of network security and the corresponding DoF of the G-MIMO relay channels.
Xiao Chen, Liang Pang, Pengze Guo, Xingping Sun, Zhi Xue
Formalizing and Verifying GP TEE TA Interface Specification Using Coq
Abstract
The ARM TrustZone platform has provided a trusted execution environment (TEE) for mobile devices to improve system security. The Global Platform presents a TEE Internal Core API Specification to define the TEE, the TEE system architecture, and the Internal and Client API specifications. However, hackers can still attack the TEE by tampering with the message stored in the communication buffer that is used to exchange information between the TEE and REE worlds. In order to solve this problem, this paper presents a formal security model of the TA Interface and verifies the correctness of this model using Coq based on the GP specification. The formalization identifies the TA Interface specification as well as modelling the valid trace of the TA Interface based on a one-session application, which can effectively detect and filter invalid TA service requests that come from the REE. These results are useful for standards institutions and TEE developers to develop secure TA software and prevent attacks by hackers.
Xia Yang, Zheng Yang, Haiyong Sun, Jingyu Liu
Research on Malicious Code Analysis Method Based on Semi-supervised Learning
Abstract
Research on classification methods for malicious code helps researchers to understand attack characteristics quickly, and helps to reduce the losses of users and even states. Currently, most malware classification methods are based on supervised learning algorithms, but these are powerless when the number of labeled samples is small. Therefore, in this paper, we propose a new malware classification method, which is based on a semi-supervised learning algorithm. First, we extract the impactful static features and dynamic features to serialize and obtain features of high dimension. Then, we select them with an Ensemble Feature Grader consisting of Information Gain, Random Forest and Logistic Regression with \(L_1\) and \(L_2\), and reduce dimension again with PCA. Finally, we use the Learning with Local and Global Consistency (LLGC) algorithm with K-means to classify malware. The experimental results of the comparison among SVM, LLGC and K-means + LLGC show that, using the feature extraction, feature reduction and classification method, the K-means + LLGC algorithm is superior to LLGC in both classification accuracy and efficiency: the accuracy is increased by 2% to 3%, and the accuracy is higher than that of SVM when the number of labeled samples is small.
Tingting He, Jingfeng Xue, Jianwen Fu, Yong Wang, Chun Shan
Reliable Topology Control Algorithm in Cognitive Radio Networks
Abstract
In cognitive radio networks, the communication probability and available time of links among secondary users are two important factors which are affected by the mobility of secondary users and the dynamism of primary user activities. Data packets are expected to be transmitted on stable links with high communication probability and long available time to avoid packet loss and retransmissions. However, existing topology control algorithms in cognitive radio networks only consider either the communication probability or the available time. To solve this problem, we propose a reliable topology control algorithm (RTCA) that employs both factors to achieve reliable data transmission. RTCA first allows each pair of secondary users to communicate with each other by establishing a stable network, the topology of which is then optimized by reducing the edges while maintaining a high communication probability and a long available time. The simulation results and theoretical analysis demonstrate the effectiveness of the proposed algorithm.
Yali Zeng, Li Xu, Xiaoding Wang, Xu Yang
Practical Privacy-Preserving Outsourcing of Large-Scale Matrix Determinant Computation in the Cloud
Abstract
The Jaggi-Sanders algorithm is generalized to its nonlinear form for multicast networks. Precise details of the algorithm implementation and the proof of the algorithm's existence are given. It may have meaningful significance in the two following aspects. First, it may offer a way of thinking about the urgent need to find a nonlinear coding scheme for non-multicast networks, some of which cannot be coded by linear coding. Second, some interesting mathematical concepts such as shared agreements, composite functions and the n-dimensional maximal independent set (nMIS) based on combinatorics are proposed. These new concepts may offer beneficial lessons for further research on nonlinear network coding.
Guangzhi Zhang, Shaobin Cai, Chunhua Ma, Dongqiu Zhang
Universal Secure Error-Correcting (SEC) Schemes for Network Coding via McEliece Cryptosystem Based on QC-LDPC Codes
Abstract
The McEliece cryptosystem based on quasi-cyclic low-density parity check (QC-LDPC) codes is presented to offer both security and error-correction simultaneously in a network coding system. The characteristics of the cryptosystem mean that it does not need to reduce the information rate additionally to offer security. The message \(\mu\) is coded into \(x\) with QC-LDPC. \(x\) is transmitted through a network where an MDS network coding error-correcting scheme is performed. \(\rho\) links are observed by the adversary and \(t\) errors occur in the network. The characteristics of MDS codes mean that the errors cannot spread; therefore, the corrupted packets which occur in \(t\) links will cause at most \(t\) errors in the messages received at the sink. As long as the number of errors occurring in the intermediate links is not beyond the minimum distance of the QC-LDPC codes, the hybrid scheme can perform error-correction and security simultaneously. The information rate reaches \((n - 2t)/n\) instead of \((n - \rho - 2t)/n\), where \(n\) is the max-flow min-cut.
Guangzhi Zhang, Shaobin Cai, Chunhua Ma, Dongqiu Zhang
A Research of Power Analysis Based on Multiple Classification Models
Abstract
Aiming at the problem that the single model classification algorithm has a low success rate when the number of training samples is low, we present a power analysis method that combines multiple classification models. We use the DPA_Contest_V4 dataset to complete our experiment. First we use the traditional method to break the mask, and then we use the SVM, RF and kNN classification algorithms to train and predict as base learners. Finally, we combine these models with ensemble learning or semi-supervised learning. The experimental results show that these two methods are both superior to the single model. Especially when the number of traces in the training set is small, the accuracy can be increased by more than 10%.
Biao Liu, Yang Pan, Jiali Li, Huamin Feng
Classification of Video-Based Public Opinion via Projection Metric Learning with Riemannian Triplet Constraint
Abstract
Network public opinion plays an important role in the field of information security. With the rapid development of internet technology applications, network public opinion has undergone great changes in data size, category, and complexity. Furthermore, video content information plays a more and more important role in the data of network public opinion. How to efficiently manage and utilize the video content information within network public opinion has become a research hot spot in the field of network public opinion analysis. The main task of tackling video information is classifying the video contents in social networks, which could strengthen the ability of public opinion classification. All the traditional video content based classification methods consider the image sequence of a video in Euclidean space and extract the temporal and spatial features of the image sequence for use. However, these approaches have not considered the implicit geometric structure among the frame images in the given video. Fortunately, every video can be considered as an element of a Riemannian manifold. Moreover, the Riemannian triplet constraint can be utilized to exploit more discriminative information from negative samples. In this paper, projection metric learning and the Riemannian triplet constraint are integrated to carry out the analysis of network public opinion on videos chosen from YouTube. Furthermore, two datasets selected from YouTube are utilized to validate the proposed method. In comparison with the existing related methods, the proposed method demonstrates better performance on matching rate and impostor removal efficiency.
Junfeng Tian, Yan Ha
A Trusted Routing Mechanism Suitable for the Sensing Nodes in Internet of Things
Abstract
The sensing layer of the Internet of Things is composed of heterogeneous sensing networks. Fast and reliable transmission of sensing layer data is the basis of trusted operation of the Internet of Things, and the choice of routing in the data transmission process is critical to the life cycle of the sensing node, the success rate of data transmission, and the feedback control of the network layer and application layer. However, the current sensing layer routing mechanism lacks trust considerations for data transmission paths, and its environmental adaptability is poor. To ensure that sensing layer data in the Internet of Things is transmitted quickly and reliably, this chapter presents a trusted routing mechanism for sensing nodes. Based on the node trust measure, this model calculates the bandwidth and energy available between nodes, taking into account the influence of available bandwidth and energy on data transmission between nodes. It uses the dynamic programming method to calculate the trusted path of data transmission between nodes, to ensure trusted data transmission between trusted nodes. The routing mechanism proposed in this chapter has the characteristics of low overhead, high scalability and easy engineering realization. Simulation experiments show that the routing mechanism resists attacks well, has extensive environmental adaptability, and can effectively resist selective forwarding attacks and node hijacking attacks. Compared with the existing scheme, this mechanism effectively reduces the communication overhead in the routing establishment process, significantly improves the network performance, and has a good application prospect.
Yubo Wang, Bei Gong, Yichen Wang
An Efficient ID-Based Mutual Authentication and Key Agreement Protocol for Mobile Multi-server Environment Without a Trusted Registration Center and ESL Attack
Abstract
With the rapid development of Internet technology, more and more ID-based mutual authentication and key agreement (ID-MAKA) protocols for the mobile multi-server environment have been proposed. However, almost all ID-MAKA schemes for multi-server architecture are based on a trusted registration center (RC). In the real world, the RC may record and leak the user or server registration information. Through careful analysis, we found that a large number of related protocols are insecure under the RC disclosure registration information (RCDRI) attack. At the same time, these protocols are likely to be attacked by ephemeral secret leakage (ESL) in view of the computing power of mobile clients. To solve the above problems, we propose a new ID-MAKA protocol for the mobile multi-server environment that uses self-certified public key (SCPK) cryptography to achieve resistance to the RCDRI attack and the ESL attack. Because our scheme is based on an untrusted RC, the adversary has the ability to obtain the registration information from the RC. In view of the above feature, we demonstrate the security of our scheme in a more robust security model, where the adversary has more abilities. Finally, compared with previously proposed schemes, we show that our protocol has a high efficiency. Taking into account security and efficiency, our protocol is more suitable for mobile clients.
Wei Li, Xue-lian Li, Jun-tao Gao, Hai-yu Wang
Research on Cryptographic Algorithm Recognition Based on Behavior Analysis
Abstract
Due to the abuse of cryptography technology and the difficulty of breaking encryption algorithms, ransomware poses a huge threat to cyberspace. So how to detect the cryptographic algorithm in the recognition program plays an important role in the protection of information security. However, existing cryptographic algorithm identification and analysis technology has the disadvantages of low recognition efficiency and a single analysis strategy, and it cannot identify program variants effectively. In view of these problems, this paper presents a cryptographic algorithm based on behavior analysis. Based on the behavior analysis, combined with the static structure and dynamic statistical characteristics of the key data, the subroutines of the target program are gradually screened, and the execution logic of the subroutines is analyzed. Finally, the cryptographic algorithm in the binary code of the program is obtained. Compared with the traditional signature-based technology, our technology has a better recognition rate with less resource occupation. What’s more, this technology can identify program variants accurately, so it has good application prospects.
Fei Yan, Yunlong Xing, Shiwei Zhang, Zhihan Yue, Yamin Zheng
A Struts2 Unknown Vulnerability Attack Detection and Backtracking Scheme Based on Multilayer Monitoring
Abstract
For Struts2, attacks using unknown vulnerabilities are difficult to be detected and the details of the exploit are hard to be figured out. In this paper, we analyze the internal structure of Struts2 framework and the details of recent remote code execution vulnerabilities. Then we implement the monitoring mechanism on Struts2 application source layer, OGNL language layer and Java virtual machine system layer, and build a common detection framework and vulnerability detail backtracking scheme of Struts2 unknown vulnerability attack. Finally, through the experiments based on almost all (including nine “unknown” and three known) of the Struts2 remote code execution vulnerabilities since 2013, the result shows that the scheme can detect all the vulnerabilities and quickly locate the exploiting details, while the average performance loss is only 2.4%.
Anqi Hu, Guojun Peng, Zhenhang Chen, Zejin Zhu
An Approach of Implementing Core Role Based Access Control Model Using Attribute Based Encryption
Abstract
Cloud storage, which provides cost-efficient and scalable storage services, has emerged as a hot paradigm today. However, in a resource outsourcing environment such as cloud storage, the resource owner is separated from the resource superintendent, and the authorization decision is made by the untrusted outsourcing server, as a result of which the correct enforcement of the access control policies cannot be ensured. To keep the data confidential against unauthorized parties, cryptographic access control must be applied. In this paper, we present a new cryptographic approach to implementing the Core Role Based Access Control Model, named ABE-RBAC. We use Attribute Based Encryption (ABE) to manage users, roles and permissions, as well as user role assignments (URA) and role permission assignments (RPA), which enables the resource owner to fully control the authorization management and ensures the proper enforcement of access control policies. This is the first cryptographic core RBAC enforcement that completely conforms to the standard GB/T 25062-2010.
Yong Wang, Xuemin Tong, Ming Li, Jingfeng Xue, Ji Zhang, Zhenyan Liu, Dan Hao, Ning Wang
Backmatter
Metadata
Title
Trusted Computing and Information Security
Edited by
Ming Xu
Zheng Qin
Fei Yan
Shaojing Fu
Copyright year
2017
Publisher
Springer Singapore
Electronic ISBN
978-981-10-7080-8
Print ISBN
978-981-10-7079-2
DOI
https://doi.org/10.1007/978-981-10-7080-8