Towards Pervasive Cryptographic Access Control Models

Mikko Kiviharju


Access control lies at the heart of any technical information security and information assurance system. Access control is traditionally enforced by reference monitors, which are assumed to be able to reliably monitor and mediate all traffic from users to objects. An alternative view to enforcement is cryptography, referred to as cryptographic access control (CAC). CAC has gained popularity with the emergence of distributed computing, especially cloud computing and “everything as a service”. CAC is not a formal model, but an enforcement paradigm. In this paper we propose an extension to the current CAC framework and discuss the limits, where it is in general feasible to extend CAC as a paradigm over reference monitors.


  1. Bell, D., LaPadula, L., 1973. Secure Computer Systems: Mathematical Foundations. MITRE Technical Report 2547, vol. 1. MITRE.
  2. Bethencourt, J., Sahai, A., Waters, B., 2007. CiphertextPolicy Attribute-Based Encryption. In IEEE Symposium on Security and Privacy 2007, IEEE Computer Society. pp. 321 - 334.
  3. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P., 2007. Over-encryption: Management of Access Control Evolution on Outsourced Data. In Very Large Databases (VLDB) 2007 - Conference Proceedings, ACM. pp. 123-134.
  4. Ferraiolo, D., Kuhn, D., 1992. Role Based Access Control. In 15th National Computer Security Conference - Conference Proceedings. pp. 554-563.
  5. Gentry, C., 2009. A Fully Homomorphic Encryption Scheme. PhD Dissertation in Stanford University. [Online], Available [11.3.2012].
  6. Khader, D., 2007. Attribute Based Group Signature Scheme. [Online], Available: http://eprint.iacr. org/2007/159 [8.3.2012].
  7. Kiviharju, M., 2010. Content-Based Information Security (CBIS): Definitions, Requirements and Cryptographic Architecture, FDF Technical Research Centre.
  8. McGovern, S., 2001. Information Security Requirements for a Coalition Wide Area Network Thesis in Naval Postgraduate School, Monterey, California, NPS/CISR.
  9. Microsoft, 2007. How to set, view, change, or remove special permissions for files and folders in Windows XP. [Online], Available: kb/308419 [11.3.2012].
  10. Naor, D., Naor, M., Lotspiech, J., 2001. Revocation and Tracing Schemes for Stateless Receivers. In CRYPTO 2001 - Conference Proceedings, Springer-Verlag. pp. 41-62.
  11. Savoie, J., 2004. A Strong three-factor authentication device: TrustedDAVE and the new Generic ContentBased Information Security (CBIS) architecture, Technical Memorandum TM 2004-198, DRDC Ottawa.

Paper Citation

in Harvard Style

Kiviharju M. (2012). Towards Pervasive Cryptographic Access Control Models . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 239-244. DOI: 10.5220/0004042502390244

in Bibtex Style

author={Mikko Kiviharju},
title={Towards Pervasive Cryptographic Access Control Models},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},

in EndNote Style

JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Towards Pervasive Cryptographic Access Control Models
SN - 978-989-8565-24-2
AU - Kiviharju M.
PY - 2012
SP - 239
EP - 244
DO - 10.5220/0004042502390244