Secure Attribute-Based Systems

Attributes are an intuitive and powerful building block in the design of secure systems. However, the inflexible structure and performance of existing attribute systems limit their ability to secure distributed systems.

We introduce new attribute systems based on emerging attribute-based encryption (ABE) cryptographic primitives. We define a descriptive policy language and develop constructions that meet the needs of logically complex policies. We also explore the use and performance of such policies in two example applications: a HIPAA-compliant distributed filesystem and a social network. Additional performance analysis demonstrates the ability to optimize the execution time of operations including encryption (for policies with up to 32 attributes) by as much as 98%. Through such formal and empirical analyses, we demonstrate that our attribute system is an efficient solution for securing large, loosely coupled, distributed systems.


Attribute-Based Cryptosystem Library

Related Publications

P. Traynor, K. Butler, W. Enck, and P. McDaniel, Realizing Massive-Scale Conditional Access Systems Through Attribute-Based Cryptosystems. ISOC Network and Distributed System Security Symposium (NDSS), February 2008.

M. Pirretti, P. Traynor, P. McDaniel, and B. Waters, Secure Attribute-Based Systems. Proceedings of the Thirteenth ACM Conference on Computer and Communications Security (CCS), November 2006. [Full Paper: pdf]