SecRBAC: Secure data in the Clouds

Most current security solutions are based on perimeter security. However, Cloud computing breaks the organizational perimeter: when data resides in the Cloud, it resides outside the organizational bounds. This leads users to a loss of control over their data and raises reasonable security concerns that slow down the adoption of Cloud computing. Is the Cloud service provider accessing the data? Is it legitimately applying the access control policy defined by the user? This paper presents a data-centric access control solution with enriched role-based expressiveness in which security is focused on protecting user data regardless of the Cloud service provider that holds it. Novel identity-based and proxy re-encryption techniques are used to protect the authorization model. Data is encrypted and authorization rules are cryptographically protected to preserve user data against service provider access or misbehavior. The authorization model provides high expressiveness with role hierarchy and resource hierarchy support. The solution takes advantage of the logic formalism provided by Semantic Web technologies, which enables advanced rule management such as semantic conflict detection. A proof-of-concept implementation has been developed, and a working prototypical deployment of the proposal has been integrated with Google services.
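As an added illustration (not code from the paper), the following Python models the proxy re-encryption idea the abstract relies on: a simplified ElGamal-style bidirectional PRE (not the paper's identity-based scheme) over a constructed, insecure toy group, in which the cloud holds only ciphertexts and re-encryption keys and re-encrypts data along a hypothetical role hierarchy towards an authorized user. The roles, users, group parameters and helper names are all assumptions made for the example.

```python
"""Toy proxy re-encryption (PRE) sketch of the SecRBAC idea: the cloud stores only
ciphertexts and re-encryption keys, re-encrypts along the role hierarchy towards an
authorized user, and never holds a decryption key. Textbook ElGamal-style bidirectional
PRE over a constructed, insecure toy group; NOT the paper's identity-based scheme."""
import secrets
from collections import deque

P, Q, G = 1019, 509, 4  # constructed toy group: P = 2*Q + 1, G has prime order Q

def keygen():
    sk = secrets.randbelow(Q - 1) + 1             # private key in 1..Q-1
    return sk, pow(G, sk, P)                      # (sk, pk = G^sk)
def encrypt(pk, m):                               # m encodes a data key, 1 <= m < P
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)  # (m*G^r, pk^r)
def decrypt(sk, ct):
    g_r = pow(ct[1], pow(sk, -1, Q), P)           # (G^(sk*r))^(1/sk) = G^r
    return (ct[0] * pow(g_r, -1, P)) % P
def rekey(sk_from, sk_to):
    # rk = sk_to/sk_from mod Q converts ciphertexts for sk_from into ciphertexts
    # for sk_to without exposing either key. Caveat: it also works in reverse.
    return (sk_to * pow(sk_from, -1, Q)) % Q
def reencrypt(rk, ct):
    return ct[0], pow(ct[1], rk, P)               # pk_from^r -> pk_to^r

def cloud_deliver(rk_edges, ct, data_role, user):
    """Cloud side: BFS the authorization graph (senior role -> junior role,
    role -> member) and re-encrypt along the path; refuse if there is none."""
    prev, todo = {data_role: None}, deque([data_role])
    while todo and user not in prev:
        node = todo.popleft()
        for src, dst in rk_edges:
            if src == node and dst not in prev:
                prev[dst] = node; todo.append(dst)
    if user not in prev:
        return None
    path, node = [], user
    while node is not None:
        path.append(node); node = prev[node]
    for src, dst in zip(path[::-1], path[::-1][1:]):
        ct = reencrypt(rk_edges[(src, dst)], ct)
    return ct

def demo():  # hypothetical tenant: manager inherits engineer; alice is a manager
    k = {n: keygen() for n in ("engineer", "manager", "alice", "bob")}
    edges = {("engineer", "manager"): rekey(k["engineer"][0], k["manager"][0]),
             ("manager", "alice"): rekey(k["manager"][0], k["alice"][0])}
    ct = encrypt(k["engineer"][1], 777)           # owner encrypts data key 777 for the role
    alice = decrypt(k["alice"][0], cloud_deliver(edges, ct, "engineer", "alice"))
    return alice, cloud_deliver(edges, ct, "engineer", "bob")   # bob: no path, refused
```

The proxy's re-encryption keys are quotients of private keys, so a provider that stores them together with the ciphertexts still cannot recover a plaintext without some user's private key; the bidirectional property noted in `rekey` is a known weakness of this textbook scheme that unidirectional (including identity-based) PRE constructions avoid.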
