Hierarchical Group and Attribute-Based Access Control: Incorporating Hierarchical Groups and Delegation into Attribute-Based Access Control

Attribute-Based Access Control (ABAC) is a promising alternative to traditional models of access control (i.e. Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access control (RBAC)) that has drawn attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large-scale adoption is still in its infancy. The relatively recent popularity of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, etc. have been largely ignored or left to future work. This thesis seeks to aid in the adoption of ABAC by filling in several of these gaps. The core contribution of this work is the Hierarchical Group and Attribute-Based Access Control (HGABAC) model, a novel formal model of ABAC which introduces the concept of hierarchical user and object attribute groups to ABAC. It is shown that HGABAC is capable of representing the traditional models of access control (MAC, DAC and RBAC) using this group hierarchy and that in many cases it’s use simplifies both attribute and policy administration. HGABAC serves as the basis upon which extensions are built to incorporate delegation into ABAC. Several potential strategies for introducing delegation into ABAC are proposed, categorized into families and the trade-offs of each are examined. One such strategy is formalized into a new User-to-User Attribute Delegation model, built as an extension to the HGABAC model. Attribute Delegation enables users to delegate a subset of their attributes to other users in an off-line manner (not requiring connecting to a third party). Finally, a supporting architecture for HGABAC is detailed including descriptions of services, high-level communication protocols and a new low-level attribute certificate format for exchanging user and connection attributes between independent services. Particular emphasis is placed on ensuring support for federated and distributed systems. Critical components of the architecture are implemented and evaluated with promising preliminary results. It is hoped that the contributions in this research will further the acceptance of ABAC in both academia and industry by solving the problem of delegation as well as simplifying administration and policy authoring through the introduction of hierarchical user groups

A role and attribute based encryption approach to privacy and security in cloud based health services

Cloud computing is a rapidly emerging computing paradigm which replaces static and expensive data centers, network and software infrastructure with dynamically scalable “cloud based” services offered by third party providers on an on-demand basis. However, with the potential for seemingly limitless scalability and reduced infrastructure costs comes new issues regarding security and privacy as processing and storage tasks are delegated to potentially untrustworthy cloud providers. For the eHealth industry this loss of control makes adopting the cloud problematic when compliance with privacy laws (such HIPAA, PIPEDA and PHIPA) is required and limits third party access to patient records. This thesis presents a RBAC enabled solution to cloud privacy and security issues resulting from this loss of control to a potentially untrustworthy third party cloud provider, which remains both scalable and distributed. This is accomplished through four major components presented, implemented and evaluated within this thesis; the DOSGi based Health Cloud eXchange (HCX) architecture for managing and exchanging EHRs between authorized users, the Role Based Access Control as a Service (RBACaaS) model and web service providing RBAC policy enforcement and services to cloud applications, the Role Based Single Sign On (RBSSO) protocol, and the Distributed Multi-Authority Ciphertext-Policy Shared Attribute-Based Encryption (DMACPSABE) scheme for limiting access to sensitive records dependent on attributes (or roles) assigned to users. We show that when these components are combined the resulting system is both scalable (scaling at least linearly with users, request, records and attributes), secure and provides a level of protection from the cloud provider which preserves the privacy of user’s records from any third party. Additionally, potential use cases are presented for each component as well as the overall system