TY - JOUR
T1 - Fine-grained access control based on Trusted Execution Environment
AU - Fan, Yongkai
AU - Liu, Shengle
AU - Tan, Gang
AU - Qiao, Fei
N1 - Funding Information:
Gang Tan received his B.E. in Computer Science from Tsinghua University in 1999, and his Ph.D. in Computer Science from Princeton University in 2005. He is an Associate Professor at Penn State University, University Park, USA. He was a recipient of an NSF Career award and won James F. Will Career Development Professorship. He leads the Security of Software (SOS) lab at Penn State. He is interested in methodologies that help create reliable and secure software systems.
Funding Information:
This work was partially supported by Science Foundation of China University of Petroleum (Beijing), China, by Beijing Higher Education Young Elite Teacher Project, China (No. YETP0683), by Beijing Higher Education Teacher Project, China (No. 00001149).
Publisher Copyright:
© 2018 Elsevier B.V.
PY - 2020/8
Y1 - 2020/8
N2 - With the wide adoption of mobile devices, it becomes increasingly a reality that mobile users use a variety of apps from various sources. Since the enforcement of strict privacy is difficult, the inappropriate access by malicious apps is a major concern for mobile users, and access control becomes a challenge. In order to prevent the leakage of sensitive information (such as the contact lists, or private pictures) by inappropriate or illegal access, we propose a fine-grained access-control scheme based on Ciphertext-Policy Attribute-Based Encryption (CPABE) and Trusted Execution Environment (TEE), which can effectively protect data. In the scheme, CPABE is adopted in a novel way to solve the important security problems by supporting fine-grained access control during the access period and by supporting the critical operations running in the trusted execution environment. The scheme can be used to mitigate the sensitive information attacks and enhance confidentiality. Moreover, it can reduce the risk in the case of one single authority. Compared to the traditional access-control mechanisms, our experimental results indicate that the proposed scheme satisfies the security requirements, and is superior to other existing schemes.
AB - With the wide adoption of mobile devices, it becomes increasingly a reality that mobile users use a variety of apps from various sources. Since the enforcement of strict privacy is difficult, the inappropriate access by malicious apps is a major concern for mobile users, and access control becomes a challenge. In order to prevent the leakage of sensitive information (such as the contact lists, or private pictures) by inappropriate or illegal access, we propose a fine-grained access-control scheme based on Ciphertext-Policy Attribute-Based Encryption (CPABE) and Trusted Execution Environment (TEE), which can effectively protect data. In the scheme, CPABE is adopted in a novel way to solve the important security problems by supporting fine-grained access control during the access period and by supporting the critical operations running in the trusted execution environment. The scheme can be used to mitigate the sensitive information attacks and enhance confidentiality. Moreover, it can reduce the risk in the case of one single authority. Compared to the traditional access-control mechanisms, our experimental results indicate that the proposed scheme satisfies the security requirements, and is superior to other existing schemes.
UR - http://www.scopus.com/inward/record.url?scp=85048861484&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85048861484&partnerID=8YFLogxK
U2 - 10.1016/j.future.2018.05.062
DO - 10.1016/j.future.2018.05.062
M3 - Article
AN - SCOPUS:85048861484
SN - 0167-739X
VL - 109
SP - 551
EP - 561
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -