Access Control with Hidden Policy and Credential

Show simple item record

dc.contributor.advisor Ye, X en
dc.contributor.author Gao, Mingyu en
dc.date.accessioned 2012-02-29T00:45:40Z en
dc.date.issued 2012 en
dc.identifier.uri http://hdl.handle.net/2292/12247 en
dc.description Full text is available to authenticated members of The University of Auckland only. en
dc.description.abstract The rapid growth of web service based service-oriented architecture has promoted the use of composite web services. A composite web service loosely connects a set of web services to provide a complex application. When a composite service is invoked, the service providers that make up the composite service might invoke the operations of each other to carry out the tasks specified for the complex application. During the invocation of the services, information is passed among the service providers. As web services are increasingly used in many vital applications, e.g. banking, e-government, etc., a large amount of sensitive data is being hosted by web services. The users of these applications might have different privacy requirements regarding their data stored on the service providers. To allow the different privacy requirements of different users to be addressed, many existing schemes allow each data item to have its own access control policy specified. As data items might be passed among the service providers, in order to carry out access control on these data items, the policies of these data items should also be passed among the service providers. However, for privacy reasons, some of the users might want their access control policies to remain restricted or confidential to some service providers. That is, the service providers that evaluate the access control policy and the service providers that want to access the data cannot comprehend the contents of the access control policy. Similarly, for some service providers or users, when they submit their credentials to a service provider for access control evaluation, they do not want the service providers to understand the contents of their credentials. Existing access control schemes for web services have not addressed the privacy issues relating to access control policies. Clearly, an efficient and privacy-aware access control mechanism for composite web services is needed for safeguarding the access to the data stored on the service providers. This thesis proposed a role-based and privacy-aware access control scheme for composite web services. To preserve the privacy of the access control policy and the credentials of users and servers, the scheme uses cryptographic techniques to obscure the contents of access control policies and the credentials of users and servers. To make the scheme efficient, when checking whether an access request can be granted, the proposed scheme does not require the service providers to communicate with each other. The checking can be conducted based on local knowledge (i.e. the information available on the server that carries out the checking). A prototype of the scheme has been implemented and the overheads of the scheme were measured. en
dc.publisher ResearchSpace@Auckland en
dc.relation.ispartof Masters Thesis - University of Auckland en
dc.rights Items in ResearchSpace are protected by copyright, with all rights reserved, unless otherwise indicated. Previously published items are made available in accordance with the copyright policy of the publisher. en
dc.rights Restricted Item. Available to authenticated members of The University of Auckland. en
dc.rights.uri https://researchspace.auckland.ac.nz/docs/uoa-docs/rights.htm en
dc.rights.uri http://creativecommons.org/licenses/by-nc-sa/3.0/nz/ en
dc.title Access Control with Hidden Policy and Credential en
dc.type Thesis en
thesis.degree.grantor The University of Auckland en
thesis.degree.level Masters en
dc.rights.holder Copyright: The author en
pubs.elements-id 306858 en
pubs.record-created-at-source-date 2012-02-29 en


Files in this item

Find Full text

This item appears in the following Collection(s)

Show simple item record

Share

Search ResearchSpace


Browse

Statistics