Towards privacy preserving access control in the cloud

It is very costly and cumbersome to manage database systems in-house especially for small or medium organizations. Data-as-a-Service (DaaS) hosted in the cloud provides an attractive solution, which is flexible, reliable, easy and economical to operate, for such organizations. However security and privacy issues concerning the storage of the data in the cloud and access via the Internet have been major concerns for many organizations. The data and the human resources are the life blood of any organization. Hence, they should be strongly protected. In this paper, we identify the challenges in securing DaaS model and propose a system called CloudMask that lays the foundation for organizations to enjoy all the benefits of hosting their data in the cloud while at the same time supporting fine-grained and flexible access control for shared data hosted in the cloud.

[1]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[2]  Brent Waters,et al.  Secure attribute-based systems , 2006, CCS '06.

[3]  Yuval Ishai,et al.  Priced Oblivious Transfer: How to Sell Digital Goods , 2001, EUROCRYPT.

[4]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[5]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[6]  Elisa Bertino,et al.  A privacy-preserving approach to policy-based content dissemination , 2010, 2010 IEEE 26th International Conference on Data Engineering (ICDE 2010).

[7]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[8]  Marco Eichelberg,et al.  A survey and analysis of Electronic Healthcare Record standards , 2005, CSUR.

[9]  Wen-Tsuen Chen,et al.  Secure Broadcasting Using the Secure Lock , 1989, IEEE Trans. Software Eng..

[10]  Elisa Bertino,et al.  Mask: a system for privacy-preserving policy-based access to published content , 2010, SIGMOD Conference.

[11]  Elisa Bertino,et al.  A Practical and Flexible Key Management Mechanism For Trusted Collaborative Computing , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[12]  Cong Wang,et al.  Privacy-preserving multi-keyword ranked search over encrypted cloud data , 2011, 2011 Proceedings IEEE INFOCOM.

[13]  Ravi S. Sandhu,et al.  Foundations for group-centric secure information sharing models , 2009, SACMAT '09.

[14]  Cong Wang,et al.  Secure Ranked Keyword Search over Encrypted Cloud Data , 2010, 2010 IEEE 30th International Conference on Distributed Computing Systems.

[15]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[16]  Jan Camenisch,et al.  Oblivious transfer with access control , 2009, IACR Cryptol. ePrint Arch..

[17]  Ninghui Li,et al.  OACerts: Oblivious Attribute Certificates , 2006, IEEE Trans. Dependable Secur. Comput..

[18]  Yacine Challal,et al.  Group Key Management Protocols: A Novel Taxonomy , 2008 .

[19]  Abhi Shelat,et al.  Simulatable Adaptive Oblivious Transfer , 2007, EUROCRYPT.

[20]  Cong Wang,et al.  Efficient verifiable fuzzy keyword search over encrypted data in cloud computing , 2013, Comput. Sci. Inf. Syst..

[21]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[22]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[23]  Matthew Green,et al.  Controlling Access to an Oblivious Database Using Stateful Anonymous Credentials , 2009, Public Key Cryptography.

[24]  Brent Waters,et al.  Secure Conjunctive Keyword Search over Encrypted Data , 2004, ACNS.

[25]  Adi Shamir,et al.  The LSD Broadcast Encryption Scheme , 2002, CRYPTO.

[26]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[27]  Dan Suciu,et al.  Controlling Access to Published Data Using Cryptography , 2003, VLDB.

[28]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[29]  Elisa Bertino,et al.  Secure and selective dissemination of XML documents , 2002, TSEC.

[30]  Yi Mu,et al.  Constant-Size Dynamic k-TAA , 2006, SCN.