Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #62

In-App Cryptographically-Enforced Selective Access Control for Microsoft Office and Similar Platforms

Karim Eldefrawy, Tancrède Lepoint, and Laura Tam

2022 · 6th International Symposium on Cyber Security, Cryptology, and Machine Learning (CSCML)

  • Applied
  • scheme

What does the paper try to establish?

Can fine-grained access policies be enforced cryptographically inside familiar Office documents, while preserving the document format and keeping encryption and decryption responsive enough for ordinary use?

What is the proposed answer?

The paper implements an Excel add-in that encrypts selected cell ranges locally under random symmetric keys and protects those keys with FAME ciphertext-policy attribute-based encryption. The same document remains usable by recipients with different attributes, and prototype measurements report sub-second to low-second workflows for the tested policies and spreadsheet sizes, subject to key-management, platform, and deployment assumptions.

Abstract

The interplay between cryptography and access control has been widely investigated in the literature. On the bright side, attribute-based encryption (ABE) has appeared as a major cryptographic tool going beyond the all-or-nothing approach of public-key encryption by supporting fine-grained access control for encrypted data. Unfortunately, the deployment and adoption of ABE have been slow, and few commercial widely-used products use it to date. In particular, selective and fine-grained control over what is shared, and with whom, is absent from common data products and formats, such as those generated by commercial products (Microsoft Word documents, Excel spreadsheets, PowerPoint slides, and so on). This lack of selective and fine-grained control results in users simply not sharing. This major usability shortcoming impacts defense and military coalition operations, as well as commercial settings, such as life sciences, healthcare, and the financial sectors. This paper addresses this identified usability problem head-on by proposing a cryptographically-enforced selective access control in Microsoft Office products and similar platforms. We focus on Excel as an illustrative use-case, but note that our work is applicable to (and is implemented for) other Microsoft products such as Word, PowerPoint, and Outlook. Using the JavaScript API for Microsoft Office, we designed and developed simple add-ins that enable cell encryption according to a policy, and requires a key that embeds attributes satisfying the policy in order to decrypt. Our performance evaluation not only shows that cryptographic-based selective sharing of information in widely-deployed and widely-used commercial authoring and collaboration platforms is possible, but also efficient.

Provenance: Transcribed from the checked-in published PDF; only typography, discretionary hyphenation, and line-break artifacts were normalized. The distinct extended-version PDF has a materially revised abstract and is not used here.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence High

The paper specifies a concrete scheme and trust boundary, implements the central workflow, and reports multiple performance and size experiments; production deployment, public code, usability studies, and independent reproduction remain outside that evidence.

Spreadsheet creation, hybrid encryption, storage, and decryption workflows FAME/Charm environment and encryption, decryption, and size measurements Standardized multi-receiver alternative, informal security reasoning, and limits
Auditability High

Both public full-text versions are checked into the author site with recorded SHA-256 hashes and page counts, making the assumptions, workflow, measurements, and version differences directly inspectable.

Published version identity and abstract Motivation, contribution, and prototype boundary FAME/Charm environment and encryption, decryption, and size measurements
Production provenance Medium

Named authorship, two identifiable versions, and peer-reviewed publication establish baseline provenance; contributor roles, revision history, prototype revision, tool/AI use, and author approval of this map are incomplete.

Published version identity and abstract Official peer-reviewed publication record
External scrutiny Medium

CSCML publication supplies venue-level scrutiny, but no public reviews, artifact evaluation, independent reproduction, or adversarial analysis was located.

Official peer-reviewed publication record
Reception Low

OpenAlex record W4285178185 reported 0 citations in a DOI-specific query on 2026-07-11; this is a time-dependent index snapshot with database coverage and record-linkage limits.

Dated citation-count snapshot
Contribution significance Medium

The work demonstrates a concrete route from ABE research to familiar enterprise documents and measures it, but the audited evidence does not establish broad deployment, standardization, or downstream adoption.

Motivation, contribution, and prototype boundary FAME/Charm environment and encryption, decryption, and size measurements Extension to other platforms and client-side-execution boundary

Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

In-app selective access control

A working Office add-in design for encrypting selected document regions under attribute policies, evaluated as an Excel prototype and extended with enterprise-deployment analysis.

Motivation, contribution, and prototype boundary Published version identity and abstract
  1. question

    Research question

    research question

    Can users selectively share one intact Office document while cryptography, rather than a trusted document server, determines which protected regions each recipient can read?

    Motivation, contribution, and prototype boundary
  2. scope System and trust boundary explicitly scoped

    The prototype protects selected spreadsheet content while relying on a key-issuing authority, Office's add-in and document APIs, cryptographic implementations, and secure handling of recipient keys.

    Key authority, hosting, encryption/decryption services, and recipients Enterprise building blocks and cloud, hybrid, and on-premises deployment options
  3. scheme Selective-encryption scheme implemented

    The design combines local authenticated symmetric encryption for cell contents with FAME CP-ABE encapsulation of a random content key and an embedded policy describing eligible attributes.

    Spreadsheet creation, hybrid encryption, storage, and decryption workflows FAME/Charm environment and encryption, decryption, and size measurements
  4. claim group Principal claims mixed

    The paper makes an implementation claim, a conditional confidentiality claim, and a measured usability/performance claim; it does not claim a production deployment or an end-to-end formal proof.

    Spreadsheet creation, hybrid encryption, storage, and decryption workflows FAME/Charm environment and encryption, decryption, and size measurements Standardized multi-receiver alternative, informal security reasoning, and limits
    1. claim

      Interactive-scale prototype performance

      experimentally supported

      In the reported laptop/Docker environment, encrypting 10,000 cells ranges from 580 ms for the simplest policy to 1.614 s for the largest tested policy; decrypting one to ten 100-cell ranges averages about 1.082-1.851 s.

      FAME/Charm environment and encryption, decryption, and size measurements
  5. evidence group

    Evidence chain

    implemented and measured

    Evidence consists of described add-in workflows, screenshots, a FAME/Charm prototype, concrete policy and file-size tests, and deployment analysis; no public code repository or independent reproduction is identified in the audited sources.

    Spreadsheet creation, hybrid encryption, storage, and decryption workflows FAME/Charm environment and encryption, decryption, and size measurements Enterprise building blocks and cloud, hybrid, and on-premises deployment options
  6. limitation group Limits and unresolved obligations material

    The tested system is a prototype, large numerical policies expand substantially, the standardized fallback loses collusion resistance for AND clauses, and production security depends on key lifecycle, trusted client execution, Office APIs, and enterprise integration.

    Policy language, numerical attributes, parser modification, and bit-length caveat Standardized multi-receiver alternative, informal security reasoning, and limits Enterprise building blocks and cloud, hybrid, and on-premises deployment options
    1. limitation

      Client-side execution is essential

      platform dependent

      Platforms that execute extensions only on a server may expose plaintext or long-term keys to that server; the paper's out-of-platform workaround improves trust placement at a cost in usability.

      Extension to other platforms and client-side-execution boundary
  7. scrutiny

    External scrutiny

    venue reviewed

    The proceedings paper appeared at CSCML 2022. No public review reports, artifact evaluation, independent reproduction, correction, or adversarial analysis was located in this audit.

    Official peer-reviewed publication record

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. Motivation, contribution, and prototype boundary Abstract and Section 1, PDF pages 1-3
  2. Key authority, hosting, encryption/decryption services, and recipients Sections 3.1-3.2, PDF pages 6-7
  3. Spreadsheet creation, hybrid encryption, storage, and decryption workflows Sections 3.3-3.5, PDF pages 7-11
  4. Policy language, numerical attributes, parser modification, and bit-length caveat Section 3.6, PDF pages 11-13
  5. FAME/Charm environment and encryption, decryption, and size measurements Section 4 and Tables 1-3, PDF pages 13-16
  6. Standardized multi-receiver alternative, informal security reasoning, and limits Section 5, PDF pages 16-20
  7. Enterprise building blocks and cloud, hybrid, and on-premises deployment options Section 6, PDF pages 20-22
  8. Extension to other platforms and client-side-execution boundary Sections 7-8, PDF pages 22-24
  9. Published version identity and abstract Title page and abstract, PDF page 1
  10. Official peer-reviewed publication record CSCML 2022, DOI 10.1007/978-3-031-07689-3_32
  11. Dated citation-count snapshot OpenAlex cited_by_count = 0, queried by DOI on 2026-07-11