• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.9
• /
• pp.3274-3297
• /
• 2021

Permission delegation is an important research issue in access control. It allows a user to delegate some of his permissions to others to reduce his workload, or enables others to complete some tasks on his behalf when he is unavailable to do so. As an ideal solution for controlling read access on outsourced data objects on the cloud, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has attracted much attention. Some existing CP-ABE schemes handle the read permission delegation through the delegation of the user's private key to others. Still, these schemes lack the further consideration of granularity and traceability of the permission delegation. To this end, this article proposes a flexible and fine-grained CP-ABE key delegation approach that supports white-box traceability. In this approach, the key delegator first examines the relations between the data objects, read permission thereof that he intends to delegate, and the attributes associated with the access policies of these data objects. Then he chooses a minimal attribute set from his attributes according to the principle of least privilege. He constructs the delegation key with the minimal attribute set. Thus, we can achieve the shortest delegation key and minimize the time of key delegation under the premise of guaranteeing the delegator's access control requirement. The Key Generation Center (KGC) then embeds the delegatee's identity into the key to trace the route of the delegation key. Our approach prevents the delegatee from combining his existing key with the new delegation key to access unauthorized data objects. Theoretical analysis and test results show that our approach helps the KGC transfer some of its burdensome key generation tasks to regular users (delegators) to accommodate more users.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.2
• /
• pp.19-29
• /
• 2008

In case of unit testing, White-box test can be used to closely check source code and to analyze logic and statement errors. On the other hand, in case of function testing of system level, Black-box test can be mainly used to compare actual and expected results by inputting test data because the scale of function is large. This Black-Box test in system testing level has problem in tracing errors in source code when we find errors. Moreover applying White-box test is not easy for system testing level because the levels of test target are different. Therefore this paper suggests the vertical test method of a practical and integrated system level which can checks up to source code level using White-box test style although it aims to test the highly abstract level like a system function. In addition, the experiment explains how to apply the vertical test by displaying an example which traces from UML specification model to the source code and also shows efficiency of error trace.