{"id":1222,"date":"2016-07-22T07:08:26","date_gmt":"2016-07-22T07:08:26","guid":{"rendered":"https:\/\/prismacloud.eu\/?p=1222"},"modified":"2017-05-22T14:05:59","modified_gmt":"2017-05-22T14:05:59","slug":"cryptographically-enforced-four-eyes-principle","status":"publish","type":"post","link":"https:\/\/prismacloud.eu\/cryptographically-enforced-four-eyes-principle\/","title":{"rendered":"Cryptographically Enforced Four-Eyes Principle"},"content":{"rendered":"<p style=\"text-align: justify;\"><strong>Title<\/strong><\/p>\n<p style=\"text-align: justify;\">Cryptographically Enforced Four-Eyes Principle<\/p>\n<p style=\"text-align: justify;\"><strong>Authors<\/strong><\/p>\n<p style=\"text-align: justify;\">Arne Bilzhause (Institute of IT-Security and Security Law, University of Passau), Manuel Huber (Fraunhofer Research Institute AISEC, Munich, Germany), Henrich C. P\u00f6hls (Institute of IT-Security and Security Law, University of Passau), Kai Samelin (IBM Research \u2013 Zurich, R\u00fcschlikon, Switzerland &amp; TU Darmstadt, Darmstadt, Germany)<\/p>\n<p style=\"text-align: justify;\"><strong>Abstract<\/strong><\/p>\n<p style=\"text-align: justify;\">The 4-eyes principle (4EP) is a well-known access control and authorization principle, and used in many scenarios to minimize the likelihood of corruption. It states that at least two separate entities must approve a message before it is considered authentic. Hence, an adversarial party aiming to forge bogus content is forced to convince other parties to collude in the attack. We present a formal framework along with a suitable security model. Namely, a party sets a policy for a given message which involves multiple additional approvers in order to authenticate the message. Finally, we show how these signatures are black-box realized by secure sanitizable signature schemes.<\/p>\n<p style=\"text-align: justify;\"><strong>Venue<\/strong><\/p>\n<p style=\"text-align: justify;\">SECPID 2016 EU Symposium - ARES 2016 (<a href=\"https:\/\/www.ares-conference.eu\/conference\/ares-eu-symposium\/secpid-2016\/\">https:\/\/www.ares-conference.eu\/conference\/ares-eu-symposium\/secpid-2016\/<\/a>)<\/p>\n<p style=\"text-align: justify;\"><strong>Place and Date<\/strong><\/p>\n<p style=\"text-align: justify;\">Salzburg, Austria, August 31 \u2013 September 2, 2016.<\/p>\n<p style=\"text-align: justify;\"><strong>Publication Reference<\/strong><\/p>\n<p style=\"text-align: justify;\">A. Bilzhause, M. Huber, H. C. P\u00f6hls and K. Samelin. Cryptographically Enforced Four-Eyes Principle. In Proc. of the Workshop on Security, Privacy, and Identity Management in the Cloud to be held at the 11th International Conference on Availability, Reliability and Security (ARES SECPID 2016), Conference Publishing Services (CPS), 2016.<\/p>\n<p style=\"text-align: justify;\">[<a href=\"http:\/\/ieeexplore.ieee.org\/stamp\/stamp.jsp?arnumber=7784643\">Download<\/a>]<\/p>\n<p><strong>Bibtex<\/strong><\/p>\n<pre>@inproceedings{Bilzhause_et_al_SECPID16,\r\n Author\u00a0\u00a0\u00a0 = {Arne Bilzhause and Manuel Huber and Henrich C. P\\\"ohls and Kai Samelin},\r\n Title\u00a0\u00a0\u00a0\u00a0 = {{Cryptographically Enforced Four-Eyes Principle}},\r\n Booktitle = {{Proc. of the Workshop on Security, Privacy, and Identity Management in the Cloud \u00a0at the 11th International Conference on Availability, Reliability and Security (ARES SECPID 2016)}},\r\n Editors\u00a0\u00a0 = {},\r\n Year\u00a0\u00a0\u00a0\u00a0\u00a0 = {2016},\r\n Month\u00a0\u00a0\u00a0\u00a0 = {August},\r\n Publisher = {Conference Publishing Services (CPS)},\u00a0 Url = {https:\/\/web.sec.uni-passau.de\/papers\/2016_BilzhauseHuberPoehlsSamelin_4EyesPrinciple_ARES_SECPID.pdf}\r\n}<\/pre>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A. Bilzhause, M. Huber, H. C. P\u00f6hls and K. Samelin. Cryptographically Enforced Four-Eyes Principle. In Proc. of the Workshop on Security, Privacy, and Identity Management in the Cloud to be held at the 11th International Conference on Availability, Reliability and Security (ARES SECPID 2016), Conference Publishing Services (CPS), 2016.<\/p>\n","protected":false},"author":2,"featured_media":746,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,8],"tags":[],"_links":{"self":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/1222"}],"collection":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/comments?post=1222"}],"version-history":[{"count":5,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/1222\/revisions"}],"predecessor-version":[{"id":1933,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/1222\/revisions\/1933"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/media\/746"}],"wp:attachment":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/media?parent=1222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/categories?post=1222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/tags?post=1222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}