Access Control with Hidden Policy and Credential

Degree Grantor

The University of Auckland

Abstract

The rapid growth of web-service-based service-oriented architecture has promoted the use of composite web services. A composite web service loosely connects a set of web services to provide a complex application. When a composite service is invoked, the service providers that make up the composite service might invoke each other's operations to carry out the tasks specified for the complex application. During the invocation of the services, information is passed among the service providers. As web services are increasingly used in many vital applications, e.g. banking and e-government, a large amount of sensitive data is being hosted by web services. The users of these applications might have different privacy requirements regarding their data stored on the service providers. To allow the different privacy requirements of different users to be addressed, many existing schemes allow each data item to have its own access control policy specified. As data items might be passed among the service providers, the policies of these data items should also be passed among the service providers so that access control can be carried out on them. However, for privacy reasons, some of the users might want their access control policies to remain restricted or confidential to some service providers. That is, the service providers that evaluate the access control policy and the service providers that want to access the data should not be able to comprehend the contents of the access control policy. Similarly, when some service providers or users submit their credentials to a service provider for access control evaluation, they do not want that service provider to understand the contents of their credentials. Existing access control schemes for web services have not addressed the privacy issues relating to access control policies.
Clearly, an efficient and privacy-aware access control mechanism for composite web services is needed to safeguard access to the data stored on the service providers. This thesis proposes a role-based and privacy-aware access control scheme for composite web services. To preserve the privacy of access control policies and of the credentials of users and servers, the scheme uses cryptographic techniques to obscure their contents. To make the scheme efficient, checking whether an access request can be granted does not require the service providers to communicate with each other. The checking can be conducted based on local knowledge (i.e. the information available on the server that carries out the checking). A prototype of the scheme has been implemented and its overheads have been measured.

Description

Full text is available to authenticated members of The University of Auckland only.
