412 research outputs found

    Cryptographic enforcement of information flow policies without public information via tree partitions

    We may enforce an information flow policy by encrypting a protected resource and ensuring that only users authorized by the policy are able to decrypt the resource. In most schemes in the literature that use symmetric cryptographic primitives, each user is assigned a single secret and derives decryption keys using this secret and publicly available information. Recent work has challenged this approach by developing schemes, based on a chain partition of the information flow policy, that do not require public information for key derivation, the trade-off being that a user may need to be assigned more than one secret. In general, many different chain partitions exist for the same policy and, until now, it was not known how to compute an appropriate one. In this paper, we introduce the notion of a tree partition, of which chain partitions are a special case. We show how a tree partition may be used to define a cryptographic enforcement scheme and prove that such schemes can be instantiated in such a way as to preserve the strongest security properties known for cryptographic enforcement schemes. We establish a number of results linking the amount of secret material that needs to be distributed to users with a weighted acyclic graph derived from the tree partition. These results enable us to develop efficient algorithms for deriving tree and chain partitions that minimize the amount of secret material that needs to be distributed. Comment: Extended version of conference papers from ACNS 2015 and DBSec 201

    A Multivariate Approach for Checking Resiliency in Access Control

    In recent years, several combinatorial problems were introduced in the area of access control. Typically, such problems deal with an authorization policy, seen as a relation $UR \subseteq U \times R$, where $(u, r) \in UR$ means that user $u$ is authorized to access resource $r$. Li, Tripunitara and Wang (2009) introduced the Resiliency Checking Problem (RCP), in which we are given an authorization policy, a subset of resources $P \subseteq R$, as well as integers $s \ge 0$, $d \ge 1$ and $t \ge 1$. It asks whether upon removal of any set of at most $s$ users, there still exist $d$ pairwise disjoint sets of at most $t$ users such that each set has collectively access to all resources in $P$. This problem possesses several parameters which appear to take small values in practice. We thus analyze the parameterized complexity of RCP with respect to these parameters, by considering all possible combinations of $|P|, s, d, t$. In all but one case, we are able to settle whether the problem is in FPT, XP, W[2]-hard, para-NP-hard or para-coNP-hard. We also consider the restricted case where $s = 0$ for which we determine the complexity for all possible combinations of the parameters.

    Polynomial Kernels and User Reductions for the Workflow Satisfiability Problem

    The Workflow Satisfiability Problem (WSP) is a problem of practical interest that arises whenever tasks need to be performed by authorized users, subject to constraints defined by business rules. We are required to decide whether there exists a plan -- an assignment of tasks to authorized users -- such that all constraints are satisfied. The WSP is, in fact, the conservative Constraint Satisfaction Problem (i.e., for each variable, here called task, we have a unary authorization constraint) and is, thus, NP-complete. It was observed by Wang and Li (2010) that the number $k$ of tasks is often quite small and so can be used as a parameter, and several subsequent works have studied the parameterized complexity of WSP regarding parameter $k$. We take a more detailed look at the kernelization complexity of WSP($\Gamma$) when $\Gamma$ denotes a finite or infinite set of allowed constraints. Our main result is a dichotomy for the case that all constraints in $\Gamma$ are regular: (1) We are able to reduce the number $n$ of users to $n' \le k$. This entails a kernelization to size poly($k$) for finite $\Gamma$, and, under mild technical conditions, to size poly($k+m$) for infinite $\Gamma$, where $m$ denotes the number of constraints. (2) Already WSP($R$) for some $R \in \Gamma$ allows no polynomial kernelization in $k+m$ unless the polynomial hierarchy collapses. Comment: An extended abstract appears in the proceedings of IPEC 201

    SoNeUCON_{ABC}Pro: an access control model for social networks with translucent user provenance

    Proceedings of: SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22–25, 2017. Web-Based Social Networks (WBSNs) are used by millions of people worldwide. While WBSNs provide many benefits, privacy preservation is a concern. The management of access control can help to assure data is accessed by authorized users. However, it is critical to provide sufficient flexibility so that a rich set of conditions may be imposed by users. In this paper we coin the term user provenance to refer to tracing users' actions to supplement the authorisation decision when users request access. For example, restricting access to a particular photograph to those who have “liked” the owner's profile. However, such a tracing of actions has the potential to impact the privacy of users requesting access. To mitigate this potential privacy loss the concept of translucency is applied. This paper extends the SoNeUCON_{ABC} model and presents SoNeUCON_{ABC}Pro, an access control model which includes translucent user provenance. Entities and access control policies along with their enforcement procedure are formally defined. The evaluation demonstrates that the system satisfies the imposed goals and supports the feasibility of this model in different scenarios. This work was supported by the MINECO grants TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You) and TIN2016-79095-C2-2-R (SMOG-DEV); by the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks); and by the Programa de Ayudas para la Movilidad of Carlos III University of Madrid, Spain (J. M. de Fuentes and L. Gonzalez-Manzano grants).

    Weak, Strong and Dynamic Controllability of Access-Controlled Workflows Under Conditional Uncertainty

    A workflow (WF) is a formal description of a business process in which single atomic work units (tasks), organized in a partial order, are assigned to processing entities (agents) in order to achieve some business goal(s). A workflow management system must coordinate the execution of tasks and WF instances. Usually, the assignment of tasks to agents is accomplished by external constraints not represented in a WF. An access-controlled workflow (ACWF) extends a classical WF by explicitly representing agent availability for each task and authorization constraint. Authorization constraints model which users are authorized for which tasks depending on “who did what”. Recent research has addressed temporal controllability of WFs under conditional and temporal uncertainty. However, controllability analysis for ACWFs under conditional uncertainty has never been addressed before. In this paper, we define weak, strong and dynamic controllability of ACWFs under conditional uncertainty, we present algorithmic approaches to address each of these types of controllability, and we synthesize execution strategies that specify which user has been (or will be) assigned to which task.

    Binary and Millisecond Pulsars at the New Millennium

    We review the properties and applications of binary and millisecond pulsars. Our knowledge of these exciting objects has greatly increased in recent years, mainly due to successful surveys which have brought the known pulsar population to over 1300. There are now 56 binary and millisecond pulsars in the Galactic disk and a further 47 in globular clusters. This review is concerned primarily with the results and spin-offs from these surveys which are of particular interest to the relativity community. Comment: 59 pages, 26 figures, 5 tables. Accepted for publication in Living Reviews in Relativity (http://www.livingreviews.org

    6-Shogaol reduced chronic inflammatory response in the knees of rats treated with complete Freund's adjuvant

    BACKGROUND: 6-Shogaol is one of the major compounds in the ginger rhizome that may contribute to its anti-inflammatory properties. Confirmation of this contribution was sought in this study in Sprague-Dawley rats (200–250 g) treated with a single injection (0.5 ml of 1 mg/ml) of a commercial preparation of complete Freund's Adjuvant (CFA) to induce monoarthritis in the right knee over a period of 28 days. During this development of arthritis, each rat received a daily oral dose of either peanut oil (0.2 ml-control) or 6-shogaol (6.2 mg/Kg in 0.2 ml peanut oil). RESULTS: Within 2 days of CFA injection, the control group produced maximum edematous swelling of the knee that was sustained up to the end of the investigation period. But, in the 6-shogaol treated group, significantly lower magnitudes of unsustained swelling of the knees (from 5.1 ± 0.2 mm to 1.0 ± 0.2 mm, p < 0.002, n = 6) were produced during the investigation period. Unsustained swelling of the knees (from 3.2 ± 0.6 mm to 0.8 ± 1.1 mm, p < 0.00008, n = 6) was also produced after 3 days of treatment with indomethacin (2 mg/Kg/day) as a standard anti-inflammatory drug, but during the first 2 days of drug treatment swelling of the knees was significantly larger (11.6 ± 2.0 mm, p < 0.0002, n = 6) than either the controls or the 6-shogaol treated group of rats. This exaggerated effect in the early stage of indomethacin treatment was inhibited by montelukast, a cysteinyl leukotriene receptor antagonist. Also, 6-shogaol and indomethacin were most effective in reducing swelling of the knees on day 28 when the controls still had maximum swelling. The effect of 6-shogaol compared to the controls was associated with significantly lower concentration of soluble vascular cell adhesion molecule-1 (VCAM-1) in the blood and infiltration of leukocytes, including lymphocytes and monocytes/macrophages, into the synovial cavity of the knee. There was also preservation of the morphological integrity of the cartilage lining the femur compared to damage to this tissue in the peanut oil treated control group of rats. CONCLUSION: From these results, it is concluded that 6-shogaol reduced the inflammatory response and protected the femoral cartilage from damage produced in a CFA monoarthritic model of the knee joint of rats.