Commune: Shared Ownership in an Agnostic Cloud

Cloud storage platforms promise a convenient way for users to share files and engage in collaborations, yet they require all files to have a single owner who unilaterally makes access control decisions. Existing clouds are, thus, agnostic to shared ownership. This can be a significant limitation in many collaborations because, for example, one owner can delete files and revoke access without consulting the other collaborators. In this paper, we first formally define a notion of shared ownership within a file access control model. We then propose a solution, called Commune, to the problem of distributed enforcement of shared ownership in agnostic clouds, so that access grants require the support of an agreed threshold of owners. Commune can be used in existing clouds without modifications to the platforms. We analyze the security of our solution and evaluate its performance through an implementation integrated with Amazon S3.
