Research on Access Control in Cloud Storage System: From Single to Multi-Clouds

Implementing access control in cloud storage systems is the essential method for protecting users' data from revealing sensitive information. This paper investigates the key technologies of access control in cloud storage systems, both within a single cloud and among multiple clouds. First, we discuss the focuses of recent research and the challenges of access control in cloud storage systems. The access control research considered here covers ciphertext access control and cross-domain access control in cloud storage systems. The key technologies introduced include the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) algorithm, ontology-based attribute mapping, algebra-based policy integration, and solutions for identification, access authorization and identity federation. The status of these fields is described next. Finally, we conclude the paper and propose some directions for future work on access control research in cloud storage systems. This paper can help readers understand the key technologies of access control in cloud storage and can be helpful in future research.
