Privacy-aware proof-carrying authorization

Matteo Maffei, Kim Pecina
2011 Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security - PLAS '11  
Proof-carrying authorization (PCA) is one of the most popular approaches for the enforcement of access control policies. In a nutshell, the idea is to formalize a policy as a set of logical rules and to let the requester construct a formal proof showing that she has permissions to access the desired resource according to the provider's policy. This policy may depend on logical formulas that are assumed by other principals in the system. The validity of these formulas is witnessed by digital signatures. The usage of digital signatures, however, has a serious drawback, i.e., sensitive data are leaked to the verifier, which severely limits the applicability of PCA. In this paper, we introduce the notion of privacy-aware proof-carrying authorization, an extension of PCA based on a powerful combination of digital signatures and zero-knowledge proofs of knowledge of such signatures. The former are used to witness the validity of logical formulas, the latter to selectively hide sensitive data. Our framework supports a variety of privacy properties, such as data secrecy and user anonymity. We conducted an experimental evaluation to demonstrate the feasibility of our approach.
doi:10.1145/2166956.2166963 dblp:conf/pldi/MaffeiP11 fatcat:nqd3czftybbyfbxv24d2ech6ee