Article

Succinct specifications of portable document access policies

Authors:

Mikhail AtallahAuthors Info & Claims

SACMAT '04: Proceedings of the ninth ACM symposium on Access control models and technologies

Pages 41 - 50

https://doi.org/10.1145/990036.990043

Published: 02 June 2004 Publication History

Abstract

When customers need to each be given portable access rights to subset of documents from large universe of n vailable documents, it is often the case that the space vailable for representing each customer's access rights is limited to much less than n, say it is no more than m bits. This is the case when, e.g., limited-capacity inexpensive cards are used to store the access rights to huge multimedia document databases. How does one represent subsets of huge set of n elements,when only m bits re v il ble and m is much smaller than n? We use an approach reminiscent of Bloom filters, by assigning to each document subset of the m bits: If that document is in customer's subset then we set the corresponding bits to 1 on the customer's card. This guarantees that each customer gets the documents he paid for, but it also gives him access to documents he did not pay for ("false positives"). We want to do so in a manner that minimizes the expected total false positives under various deterministic and probabilistic models: In the former model we assume k customers whose respective subsets are known priori, whereas in the latter we assume (more realistically) that each document has probability of being included in customer's subset. We cannot use randomly assigned bits for each document (in the way Bloom filters do), rather we need to consider the priori knowledge (deterministic orprobabilistic) we are given in each model in order to better ssign subset of the m vailable bits to each of the n documents. We analyze and give efficient schemes for this problem.

References

[1]

M. Atallah and M. Bykova. "Portable and Flexible Document Access Control Mechanisms, "Working paper, 2004.]]

[2]

M. Atallah, K. Frikken, C. Black, S. Overstreet, and P. Bhatia. "Digital Rights Management, "Practical Handbook of Internet Computing Munindar Singh (Ed.), CRC Press, 2004.]]

[3]

M. Atallah and J. Li. "Enhanced Smart-card based License Management, "IEEE International Conference on E-Commerce (CEC), 24--27 June 2003, pp. 111--119.]]

[4]

T. Aura and D. Gollmann. "Software License Management with Smart Cards, "USENIX Workshop on Smart Card Technology USENIX Association, May 1999.]]

Digital Library

[5]

E. Bertino, B. Crminti, E. Ferrri, B. Thuraisingham and A. Gupta. "Selective and Authentic Third-party Distribution of XML Documents, "Working Paper, Sloan School of Management, MIT, 2002, http://papers.ssrn.com/sol3/papers.cfm? abstract id=299935.]]

[6]

E. Bertino, S. Castano and E. Ferrari. "On Specifying Security Policies for Web Documents with an XML-based Language, "SACMAT'01, Chantilly, USA, May 2001.]]

Digital Library

[7]

E. Bertino, S. Castano and E. Ferrari. "Securing XML Documents with Author-χ, "IEEE Internet Computing, Vol. 5, No. 3, pp. 21--31, 2001.]]

Digital Library

[8]

E. Bertino and E. Ferrari. "Secure and Selective Dissemination of XML Documents, "ACM Transactions on Information and System Security, Vol. 5, No. 3, August 2002, pp. 290--331.]]

Digital Library

[9]

B. Bloom. "Space/time trade-offs in hash coding with allowable errors. "Communications of the ACM, Vol . 13, No. 7, pp. 422--426, 1970.]]

Digital Library

[10]

A. Broder and M. Mitzenmacher. "Network Applications of Bloom Filters: A Survey, "Allerton Conference 2002.]]

[11]

D. Damiani, S. De Capitani Di Vimercati, S. Paraboschi and P. Samarati. "A Fine-Grained Access Control System for XML Documents, "ACM Transactions on Information and System Security, Vol. 5, No. 2, May 2002, pp.169--202.]]

Digital Library

[12]

P. Devanbu, M. Gertz, A. Kwong, C. Martel and G. Nuckolls. "Flexible Authentication of XML Documents, "CCS'01, Philadelphia, USA, November 2001.]]

Digital Library

[13]

L. Fan, P. Cao, J. Almeida and A. Broder, "Summary Cache: A Scalable Wide-Are Web Cache Sharing Protocol, "IEEE/ACM Transactions on Networking, Vol.8, No. 3, pp. 281--293, 2000.]]

Digital Library

[14]

M. Garey and D. Johnson. Computers and intractability: A guide to the theory of NP-completeness. Freeman, Oxford, UK, 1979.]]

Digital Library

[15]

M. Mitzenmacher, "Compressed Bloom Filters, "ACM symposium on Principles of distributed computing Newport,Rhode Island, US, August 2001.]]

Digital Library

[16]

S. Payette and C. Lagoze. "Policy-Carrying, Policy-Enforcing Digital Objects, "Research and Advanced Technology for Digital Libraries, 4th European Conference, ECDL 2002, Vol.1923, pp. 144--157, 2000.]]

Digital Library

[17]

M. Stonebraker and L. Rowe, "The Design of POSTGRES, "ACM SIGMOD Conference on Management of Data Washington, D.C., May 1986.]]

Digital Library

[18]

C. Wong and A. Yao. "A Combinatorial Optimization Problem Related to Data Set Allocation, "Revue Francaise D'Automatique, Informatique, Recherche Operationnelle, Suppl. No.5 (1976), pp.83--96.]]

Cited By

Blanton MAtallah M(2006)Succinct representation of flexible and privacy-preserving access rightsThe VLDB Journal — The International Journal on Very Large Data Bases10.1007/s00778-006-0006-115:4(334-354)Online publication date: 1-Nov-2006
https://dl.acm.org/doi/10.1007/s00778-006-0006-1
Blanton MAtallah MFerrari EAhn G(2005)Provable bounds for portable and flexible privacy-preserving accessProceedings of the tenth ACM symposium on Access control models and technologies10.1145/1063979.1063997(95-101)Online publication date: 1-Jun-2005
https://dl.acm.org/doi/10.1145/1063979.1063997
Bertino ESandhu R(2005)Database Security-Concepts, Approaches, and ChallengesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2005.92:1(2-19)Online publication date: 1-Jan-2005
https://dl.acm.org/doi/10.1109/TDSC.2005.9
Show More Cited By

Index Terms

Succinct specifications of portable document access policies

Recommendations

Authorized! access denied, unauthorized! access granted
SIN '13: Proceedings of the 6th International Conference on Security of Information and Networks

Existing access control systems are mostly identity-based. However, such access control systems impose risks because recognized identity is not essentially an interpretation of good intentions of access. On the other hand, an un-identified individual ...
PBDM: a flexible delegation model in RBAC
SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 ...
An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security
ICFNDS '17: Proceedings of the International Conference on Future Networks and Distributed Systems

Role-based access control (RBAC) is a widely-used protocol to design and build an access control for providing the system security regarding authorization. Even though in the context of internet resources access, the authentication and access control ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '04: Proceedings of the ninth ACM symposium on Access control models and technologies

June 2004

182 pages

ISBN:1581138725

DOI:10.1145/990036

General Chair:
Trent Jaeger
IBM Research
,
Program Chair:
Elena Ferrari
University of Insubria, Italy

Copyright © 2004 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 June 2004

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SACMAT04

Sponsor:

SACMAT04: 9th ACM Symposium on Access Control Models and Technologies 2004

June 2 - 4, 2004

New York, Yorktown Heights, USA

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
431
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Blanton MAtallah M(2006)Succinct representation of flexible and privacy-preserving access rightsThe VLDB Journal — The International Journal on Very Large Data Bases10.1007/s00778-006-0006-115:4(334-354)Online publication date: 1-Nov-2006
https://dl.acm.org/doi/10.1007/s00778-006-0006-1
Blanton MAtallah MFerrari EAhn G(2005)Provable bounds for portable and flexible privacy-preserving accessProceedings of the tenth ACM symposium on Access control models and technologies10.1145/1063979.1063997(95-101)Online publication date: 1-Jun-2005
https://dl.acm.org/doi/10.1145/1063979.1063997
Bertino ESandhu R(2005)Database Security-Concepts, Approaches, and ChallengesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2005.92:1(2-19)Online publication date: 1-Jan-2005
https://dl.acm.org/doi/10.1109/TDSC.2005.9
Atallah MBykova M(2004)Portable and Flexible Document Access Control MechanismsComputer Security – ESORICS 200410.1007/978-3-540-30108-0_12(193-208)Online publication date: 2004
https://doi.org/10.1007/978-3-540-30108-0_12

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents