Extending Expressive Access Policies with Privacy Features

Stefan More; Sebastian Ramacher; Lukas Alber; Marco Herzl

doi:10.1109/TrustCom56396.2022.00084

Extending Expressive Access Policies with Privacy Features

Stefan More, Sebastian Ramacher, Lukas Alber, Marco Herzl

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

Authentication, authorization, and trust verification are central parts of an access control system. The conditions for granting access in such a system are collected in access policies. Since access conditions are often complex, dedicated languages – policy languages – for defining policies are in use.However, current policy languages are unable to express such conditions having privacy of users in mind. With privacy-preserving technologies, users are enabled to prove information to the access system without revealing it.In this work, we present a generic design for supporting privacy-preserving technologies in policy languages. Our design prevents unnecessary disclosure of sensitive information while still allowing the formulation of expressive rules for access control. For that we make use of zero-knowledge proofs (NIZKs). We demonstrate our design by applying it to the TPL policy language, while using SNARKs. Also, we evaluate the resulting ZK-TPL language and its associated toolchain. Our evaluation shows that for regular-sized credentials communication and verification overhead is negligible

Originalsprache	englisch
Titel	The 21th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2022)
Herausgeber (Verlag)	IEEE Computer Soc.
Seiten	574-581
Seitenumfang	8
ISBN (elektronisch)	9781665494250
DOIs	https://doi.org/10.1109/TrustCom56396.2022.00084 https://doi.org/10.48550/arXiv.2212.02454
Publikationsstatus	Veröffentlicht - März 2023
Veranstaltung	21st IEEE International Conference on Trust, Security and Privacy in Computing and Communications: TrustCom 2022 - Wuhan, Hybrider Event, China Dauer: 9 Dez. 2022 → 11 Dez. 2022 http://www.ieee-hust-ncc.org/2022/TrustCom/

Konferenz

Konferenz	21st IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Kurztitel	TrustCom 2022
Land/Gebiet	China
Ort	Hybrider Event
Zeitraum	9/12/22 → 11/12/22
Internetadresse	http://www.ieee-hust-ncc.org/2022/TrustCom/

ASJC Scopus subject areas

Informationssysteme und -management
Sicherheit, Risiko, Zuverlässigkeit und Qualität
Information systems
Gesundheitsinformatik
Computernetzwerke und -kommunikation

Zugriff auf Dokument

paper-zkTPLEndgültige, publizierte Fassung, 686 KBLizenz: CC BY-NC 4.0

Andere Dateien und Links

Verknüpfung zur Publikation in Scopus

EU - KRAKEN - Vermittlungs- und Marktplattform für personenbezogene Daten
Tauber, A.
1/12/19 → 30/11/22
Projekt: Forschungsprojekt

Extending Expressive Access Policies with Privacy Features
Stefan Josef More (Redner/in) & Sebastian Ramacher (Beitragende/r)
Nov. 2022
Aktivität: Vortrag oder Präsentation › Vortrag bei Konferenz oder Fachtagung › Science to science

Dieses zitieren

Extending Expressive Access Policies with Privacy Features. / More, Stefan; Ramacher, Sebastian; Alber, Lukas et al.
The 21th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2022). IEEE Computer Soc., 2023. S. 574-581.

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

More, S, Ramacher, S, Alber, L & Herzl, M 2023, Extending Expressive Access Policies with Privacy Features. in The 21th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2022). IEEE Computer Soc., S. 574-581, 21st IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Hybrider Event, China, 9/12/22. https://doi.org/10.1109/TrustCom56396.2022.00084, https://doi.org/10.48550/arXiv.2212.02454

@inproceedings{814b2227759240eb985d2d0048386df9,

title = "Extending Expressive Access Policies with Privacy Features",

abstract = "Authentication, authorization, and trust verification are central parts of an access control system. The conditions for granting access in such a system are collected in access policies. Since access conditions are often complex, dedicated languages – policy languages – for defining policies are in use.However, current policy languages are unable to express such conditions having privacy of users in mind. With privacy-preserving technologies, users are enabled to prove information to the access system without revealing it.In this work, we present a generic design for supporting privacy-preserving technologies in policy languages. Our design prevents unnecessary disclosure of sensitive information while still allowing the formulation of expressive rules for access control. For that we make use of zero-knowledge proofs (NIZKs). We demonstrate our design by applying it to the TPL policy language, while using SNARKs. Also, we evaluate the resulting ZK-TPL language and its associated toolchain. Our evaluation shows that for regular-sized credentials communication and verification overhead is negligible",

keywords = "access control, policy languages, privacy, zero-knowledge proofs",

author = "Stefan More and Sebastian Ramacher and Lukas Alber and Marco Herzl",

year = "2023",

month = mar,

doi = "10.1109/TrustCom56396.2022.00084",

language = "English",

pages = "574--581",

booktitle = "The 21th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2022)",

publisher = "IEEE Computer Soc.",

note = "21st IEEE International Conference on Trust, Security and Privacy in Computing and Communications : TrustCom 2022, TrustCom 2022 ; Conference date: 09-12-2022 Through 11-12-2022",

url = "http://www.ieee-hust-ncc.org/2022/TrustCom/",

}

TY - GEN

T1 - Extending Expressive Access Policies with Privacy Features

AU - More, Stefan

AU - Ramacher, Sebastian

AU - Alber, Lukas

AU - Herzl, Marco

PY - 2023/3

Y1 - 2023/3

N2 - Authentication, authorization, and trust verification are central parts of an access control system. The conditions for granting access in such a system are collected in access policies. Since access conditions are often complex, dedicated languages – policy languages – for defining policies are in use.However, current policy languages are unable to express such conditions having privacy of users in mind. With privacy-preserving technologies, users are enabled to prove information to the access system without revealing it.In this work, we present a generic design for supporting privacy-preserving technologies in policy languages. Our design prevents unnecessary disclosure of sensitive information while still allowing the formulation of expressive rules for access control. For that we make use of zero-knowledge proofs (NIZKs). We demonstrate our design by applying it to the TPL policy language, while using SNARKs. Also, we evaluate the resulting ZK-TPL language and its associated toolchain. Our evaluation shows that for regular-sized credentials communication and verification overhead is negligible

AB - Authentication, authorization, and trust verification are central parts of an access control system. The conditions for granting access in such a system are collected in access policies. Since access conditions are often complex, dedicated languages – policy languages – for defining policies are in use.However, current policy languages are unable to express such conditions having privacy of users in mind. With privacy-preserving technologies, users are enabled to prove information to the access system without revealing it.In this work, we present a generic design for supporting privacy-preserving technologies in policy languages. Our design prevents unnecessary disclosure of sensitive information while still allowing the formulation of expressive rules for access control. For that we make use of zero-knowledge proofs (NIZKs). We demonstrate our design by applying it to the TPL policy language, while using SNARKs. Also, we evaluate the resulting ZK-TPL language and its associated toolchain. Our evaluation shows that for regular-sized credentials communication and verification overhead is negligible

KW - access control

KW - policy languages

KW - privacy

KW - zero-knowledge proofs

UR - http://www.scopus.com/inward/record.url?scp=85144813826&partnerID=8YFLogxK

U2 - 10.1109/TrustCom56396.2022.00084

DO - 10.1109/TrustCom56396.2022.00084

M3 - Conference paper

SP - 574

EP - 581

BT - The 21th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2022)

PB - IEEE Computer Soc.

T2 - 21st IEEE International Conference on Trust, Security and Privacy in Computing and Communications

Y2 - 9 December 2022 through 11 December 2022

ER -

Extending Expressive Access Policies with Privacy Features

Abstract

Konferenz

ASJC Scopus subject areas

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Projekte

EU - KRAKEN - Vermittlungs- und Marktplattform für personenbezogene Daten

Aktivitäten

Extending Expressive Access Policies with Privacy Features

Dieses zitieren