A Secure and Efficient Role-Based Access Policy towards Cryptographic Cloud Storage

Cloud storage, which provides cost-efficient and scalable storage services, has emerged as a popular paradigm. As promising as it is, cloud storage also brings security challenges. Sensitive data may be outsourced for sharing on cloud storage servers that are not within the same trusted domain as the data owner (DO). To keep the data confidential against unauthorized parties, cryptographic access control must be applied. Existing methods usually require that the access policies be fully managed by the DO, which can create a bottleneck on the DO side. This paper addresses the issue by implementing cryptographic Role-Based Access Control via CP-ABE. The access policies are divided into two parts, Permission Assignments (PAs) and Role Assignments (RAs), and we develop an approach called propagation that allows RAs to be handled effectively by users other than the DO. Since most of the dynamic policies in the cloud are triggered by RAs, the bottleneck can be successfully avoided.
