Scientific knowledge map · Paper #62
In-App Cryptographically-Enforced Selective Access Control for Microsoft Office and Similar Platforms
2022 · 6th International Symposium on Cyber Security, Cryptology, and Machine Learning (CSCML)
- Applied
- scheme
Research question
What does the paper try to establish?
Can fine-grained access policies be enforced cryptographically inside familiar Office documents, while preserving the document format and keeping encryption and decryption responsive enough for ordinary use?
Central answer
What is the proposed answer?
The paper implements an Excel add-in that encrypts selected cell ranges locally under random symmetric keys and protects those keys with FAME ciphertext-policy attribute-based encryption. The same document remains usable by recipients with different attributes, and prototype measurements report sub-second to low-second workflows for the tested policies and spreadsheet sizes, subject to key-management, platform, and deployment assumptions.
Full published-paper abstract
Abstract
The interplay between cryptography and access control has been widely investigated in the literature. On the bright side, attribute-based encryption (ABE) has appeared as a major cryptographic tool going beyond the all-or-nothing approach of public-key encryption by supporting fine-grained access control for encrypted data. Unfortunately, the deployment and adoption of ABE have been slow, and few commercial widely-used products use it to date. In particular, selective and fine-grained control over what is shared, and with whom, is absent from common data products and formats, such as those generated by commercial products (Microsoft Word documents, Excel spreadsheets, PowerPoint slides, and so on). This lack of selective and fine-grained control results in users simply not sharing. This major usability shortcoming impacts defense and military coalition operations, as well as commercial settings, such as life sciences, healthcare, and the financial sectors. This paper addresses this identified usability problem head-on by proposing a cryptographically-enforced selective access control in Microsoft Office products and similar platforms. We focus on Excel as an illustrative use-case, but note that our work is applicable to (and is implemented for) other Microsoft products such as Word, PowerPoint, and Outlook. Using the JavaScript API for Microsoft Office, we designed and developed simple add-ins that enable cell encryption according to a policy, and requires a key that embeds attributes satisfying the policy in order to decrypt. Our performance evaluation not only shows that cryptographic-based selective sharing of information in widely-deployed and widely-used commercial authoring and collaboration platforms is possible, but also efficient.
Provenance: Transcribed from the checked-in published PDF; only typography, discretionary hyphenation, and line-break artifacts were normalized. The distinct extended-version PDF has a materially revised abstract and is not used here.
Evidence profile
Six dimensions, kept separate
The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.
LowMediumHighN/A = not assessed
A smaller value means less documented support for that dimension, not that the paper is false or unimportant.
- Epistemic evidence High
-
The paper specifies a concrete scheme and trust boundary, implements the central workflow, and reports multiple performance and size experiments; production deployment, public code, usability studies, and independent reproduction remain outside that evidence.
Spreadsheet creation, hybrid encryption, storage, and decryption workflows FAME/Charm environment and encryption, decryption, and size measurements Standardized multi-receiver alternative, informal security reasoning, and limits - Auditability High
-
Both public full-text versions are checked into the author site with recorded SHA-256 hashes and page counts, making the assumptions, workflow, measurements, and version differences directly inspectable.
Published version identity and abstract Motivation, contribution, and prototype boundary FAME/Charm environment and encryption, decryption, and size measurements - Production provenance Medium
-
Named authorship, two identifiable versions, and peer-reviewed publication establish baseline provenance; contributor roles, revision history, prototype revision, tool/AI use, and author approval of this map are incomplete.
Published version identity and abstract Official peer-reviewed publication record - External scrutiny Medium
-
CSCML publication supplies venue-level scrutiny, but no public reviews, artifact evaluation, independent reproduction, or adversarial analysis was located.
Official peer-reviewed publication record - Reception Low
-
OpenAlex record W4285178185 reported 0 citations in a DOI-specific query on 2026-07-11; this is a time-dependent index snapshot with database coverage and record-linkage limits.
Dated citation-count snapshot - Contribution significance Medium
-
The work demonstrates a concrete route from ABE research to familiar enterprise documents and measures it, but the audited evidence does not establish broad deployment, standardization, or downstream adoption.
Motivation, contribution, and prototype boundary FAME/Charm environment and encryption, decryption, and size measurements Extension to other platforms and client-side-execution boundary
Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.
Top-down and bottom-up view
Hierarchical knowledge map
Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.
In-app selective access control
A working Office add-in design for encrypting selected document regions under attribute policies, evaluated as an Excel prototype and extended with enterprise-deployment analysis.
Motivation, contribution, and prototype boundary Published version identity and abstract-
question Research question
research questionCan users selectively share one intact Office document while cryptography, rather than a trusted document server, determines which protected regions each recipient can read?
Motivation, contribution, and prototype boundary -
contribution Central answer
implemented and measuredIntegrate a policy UI and hybrid encryption into an Office JavaScript add-in, place encrypted cell data in the document's custom XML, and release a data key only when a recipient's CP-ABE attributes satisfy the policy.
Spreadsheet creation, hybrid encryption, storage, and decryption workflows FAME/Charm environment and encryption, decryption, and size measurements -
scope System and trust boundary explicitly scoped
The prototype protects selected spreadsheet content while relying on a key-issuing authority, Office's add-in and document APIs, cryptographic implementations, and secure handling of recipient keys.
Key authority, hosting, encryption/decryption services, and recipients Enterprise building blocks and cloud, hybrid, and on-premises deployment options-
assumption Key authority and identity integration
trusted componentAn authority alone holds the CP-ABE master secret and issues attribute keys; an enterprise deployment must connect that lifecycle to IAM, private-key storage, revocation, and logging infrastructure.
Key authority, hosting, encryption/decryption services, and recipients Enterprise building blocks and cloud, hybrid, and on-premises deployment options
-
-
scheme Selective-encryption scheme implemented
The design combines local authenticated symmetric encryption for cell contents with FAME CP-ABE encapsulation of a random content key and an embedded policy describing eligible attributes.
Spreadsheet creation, hybrid encryption, storage, and decryption workflows FAME/Charm environment and encryption, decryption, and size measurements-
component Document-preserving storage
implementedCiphertexts and metadata are stored in a custom XML part, protected cells are cleared or shown as unavailable, and formulas remain recoverable because the workflow encrypts underlying cell inputs rather than only rendered text.
Spreadsheet creation, hybrid encryption, storage, and decryption workflows -
component Policy representation
implemented with caveatsThe UI supports AND/OR combinations over string and numerical predicates; numerical comparisons are compiled into bit attributes, increasing policy size and requiring a fixed bit length chosen consistently by issuers and encryptors.
Policy language, numerical attributes, parser modification, and bit-length caveat
-
-
claim group Principal claims mixed
The paper makes an implementation claim, a conditional confidentiality claim, and a measured usability/performance claim; it does not claim a production deployment or an end-to-end formal proof.
Spreadsheet creation, hybrid encryption, storage, and decryption workflows FAME/Charm environment and encryption, decryption, and size measurements Standardized multi-receiver alternative, informal security reasoning, and limits-
claim Attribute-gated confidentiality
cryptographically conditionalA recipient who lacks a CP-ABE key satisfying the cell policy should not recover the symmetric content key, conditional on the CP-ABE, authenticated-encryption, key-issuance, and client-execution assumptions.
Spreadsheet creation, hybrid encryption, storage, and decryption workflows FAME/Charm environment and encryption, decryption, and size measurements -
claim Interactive-scale prototype performance
experimentally supportedIn the reported laptop/Docker environment, encrypting 10,000 cells ranges from 580 ms for the simplest policy to 1.614 s for the largest tested policy; decrypting one to ten 100-cell ranges averages about 1.082-1.851 s.
FAME/Charm environment and encryption, decryption, and size measurements
-
-
evidence group Evidence chain
implemented and measuredEvidence consists of described add-in workflows, screenshots, a FAME/Charm prototype, concrete policy and file-size tests, and deployment analysis; no public code repository or independent reproduction is identified in the audited sources.
Spreadsheet creation, hybrid encryption, storage, and decryption workflows FAME/Charm environment and encryption, decryption, and size measurements Enterprise building blocks and cloud, hybrid, and on-premises deployment options -
limitation group Limits and unresolved obligations material
The tested system is a prototype, large numerical policies expand substantially, the standardized fallback loses collusion resistance for AND clauses, and production security depends on key lifecycle, trusted client execution, Office APIs, and enterprise integration.
Policy language, numerical attributes, parser modification, and bit-length caveat Standardized multi-receiver alternative, informal security reasoning, and limits Enterprise building blocks and cloud, hybrid, and on-premises deployment options-
limitation Client-side execution is essential
platform dependentPlatforms that execute extensions only on a server may expose plaintext or long-term keys to that server; the paper's out-of-platform workaround improves trust placement at a cost in usability.
Extension to other platforms and client-side-execution boundary
-
-
artifact group Auditable resources and versions
source availableBoth the published and extended PDFs are checked into this site with fixity and page counts. They are distinct versions: the extended copy adds material and should not silently replace the published record.
Published version identity and abstract Enterprise building blocks and cloud, hybrid, and on-premises deployment options Official peer-reviewed publication record -
scrutiny External scrutiny
venue reviewedThe proceedings paper appeared at CSCML 2022. No public review reports, artifact evaluation, independent reproduction, correction, or adversarial analysis was located in this audit.
Official peer-reviewed publication record -
lineage Research and version lineage
documentedThe work applies mature CP-ABE ideas to widely used authoring software, with Excel as the measured case and Word, Outlook, PowerPoint, browser, and other platform directions treated at different implementation or future-work stages.
Motivation, contribution, and prototype boundary Extension to other platforms and client-side-execution boundary
Audit trail
Source index
Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.
- Motivation, contribution, and prototype boundary Abstract and Section 1, PDF pages 1-3
- Key authority, hosting, encryption/decryption services, and recipients Sections 3.1-3.2, PDF pages 6-7
- Spreadsheet creation, hybrid encryption, storage, and decryption workflows Sections 3.3-3.5, PDF pages 7-11
- Policy language, numerical attributes, parser modification, and bit-length caveat Section 3.6, PDF pages 11-13
- FAME/Charm environment and encryption, decryption, and size measurements Section 4 and Tables 1-3, PDF pages 13-16
- Standardized multi-receiver alternative, informal security reasoning, and limits Section 5, PDF pages 16-20
- Enterprise building blocks and cloud, hybrid, and on-premises deployment options Section 6, PDF pages 20-22
- Extension to other platforms and client-side-execution boundary Sections 7-8, PDF pages 22-24
- Published version identity and abstract Title page and abstract, PDF page 1
- Official peer-reviewed publication record CSCML 2022, DOI 10.1007/978-3-031-07689-3_32
- Dated citation-count snapshot OpenAlex cited_by_count = 0, queried by DOI on 2026-07-11