TY - JOUR
T1 - Fine-grained access control based on Trusted Execution Environment
AU - Fan, Yongkai
AU - Liu, Shengle
AU - Tan, Gang
AU - Qiao, Fei
N1 - Publisher Copyright: © 2018 Elsevier B.V.
PY - 2020/8
Y1 - 2020/8
N2 - With the wide adoption of mobile devices, it becomes increasingly a reality that mobile users use a variety of apps from various sources. Since the enforcement of strict privacy is difficult, the inappropriate access by malicious apps is a major concern for mobile users, and access control becomes a challenge. In order to prevent the leakage of sensitive information (such as the contact lists, or private pictures) by inappropriate or illegal access, we propose a fine-grained access-control scheme based on Ciphertext-Policy Attribute-Based Encryption (CPABE) and Trusted Execution Environment (TEE), which can effectively protect data. In the scheme, CPABE is adopted in a novel way to solve the important security problems by supporting fine-grained access control during the access period and by supporting the critical operations running in the trusted execution environment. The scheme can be used to mitigate the sensitive information attacks and enhance confidentiality. Moreover, it can reduce the risk in the case of one single authority. Compared to the traditional access-control mechanisms, our experimental results indicate that the proposed scheme satisfies the security requirements, and is superior to other existing schemes.
UR - http://www.scopus.com/inward/record.url?scp=85048861484&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85048861484&partnerID=8YFLogxK
U2 - 10.1016/j.future.2018.05.062
DO - 10.1016/j.future.2018.05.062
M3 - Article
AN - SCOPUS:85048861484
SN - 0167-739X
VL - 109
SP - 551
EP - 561
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -