Abstract
Considering of economy, efficiency and security, more and more small and medium economic and social organizations are trying to outsource their growing business data to one or multiple professional storage service providers. But the separation between actual data owners and operator leads the demands for the technology of secure distributed storage. In this condition, we don’t assume that the entity enforcing access control policies is also the owner of data and resources like in traditional access control models. In this paper, we discuss the current state of information security outsourcing and analyze outsourced data security in cloud, access control and secret sharing. And then a new privacy enhanced access control scheme for outsourced data in cloud based on secret share is presented. In this scheme, a sensitive outsourced data can be divided to many shares which are stored in multiple cloud servers separately. Furthermore, the proposed scheme uses several service providers to guarantee the availability of the services. The evaluations demonstrate that our data outsourcing framework is scalable and practical.
This paper was supported by the National Natural Science Foundation of China under Grant U15092145, the National Social Science Foundation of China under Grant 13AXW010, Beijing Philosophy and Social Science Foundation of China under Grant 14JGA001, Discipline Construction Foundation of Central University of Finance and Economics.
This is a preview of subscription content, log in via an institution.
References
Wang, H., Yi, X., Bertino, E., Sun, L.: Protecting outsourced data in cloud computing through access management. Concurr. Comput. Pract. Exp. wileyonlinelibrary.com. doi:10.1002/cpe.3286
Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute based encryption. IEEE Trans. Parallel Distrib. Syst. 24, 131–143 (2013)
Li, Q., Ma, J., Li, R., Liu, X., Xiong, J.: Secure, efficient and revocable multiauthority access control system in cloud storage. Comput. Secur. 59, 45–59 (2016)
Khalfan, A.M.: Information security considerations in IS/IT outsourcing projects: a descriptive case study of two sectors. Int. J. Inf. Manag. 24, 29–42 (2004)
Bachlechner, D., Thalmann, S., Maier, R.: Security and compliance challenges in complex IT outsourcing arrangements: a multi-stakeholder perspective. Comput. Secur. 40, 38–59 (2014)
Ali, S., Khan, S.U.: Software outsourcing partnership model: an evaluation framework for vendor organisations. J. Syst. Softw. 117, 402–425 (2016)
Lei, X., Liao, X., Huang, T., Heriniaina, F.: Achieving security, robust cheating resistance, and high-efficiency for outsourcing large matrix multiplication computation to a malicious cloud. Inf. Sci. 280, 205–217 (2014)
Sujithra, M., Padmavathi, G., Narayanan, S.: Mobile device data security: a cryptographic approach by outsourcing mobile data to cloud. Procedia Comput. Sci. 47, 480–485 (2015)
Liang, H., Wang, J.-J., Xue, Y., Cui, X.: IT outsourcing research from 1992 to 2013: a literature review based on main path analysis. Inf. Manag. 53(2), 227–251 (2016)
Hamlen, K.W., Thuraisingham, B.: Data security services, solutions and standards for outsourcing. Comput. Stand. Interfaces 35(1), 1–5 (2013)
Emekci, F., Methwally, A., Agrawal, D., El Abbadi, A.: Dividing secrets to secure data outsourcing. Inf. Sci. 263, 198–210 (2014)
Cullinan, C.P., Zheng, X.: Outsourcing accounting information systems: evidence from closed-end mutual fund families. Int. J. Acc. Inf. Syst. 17, 65–83 (2015)
Martinsons, M.G.: Outsourcing information systems: a strategic partnership with risks. Long Range Plan. 26(3), 18–25 (1993)
Liu, C., Yang, C., Zhang, X., Chen, J.: External integrity verification for outsourced big data in cloud and IoT: a big picture. Future Gener. Comput. Syst. 49, 58–67 (2015)
Torabian, H.: Protecting sensitive data using differential privacy and role-based access control, Ph.D. thesis, University Laval (2016)
Sareen, S., Sood, S.K., Gupta, S.K.: Towards the design of a secure data outsourcing using fragmentation and secret sharing scheme. Inf. Secur. J. A Glob. Perspect. 25(1–3), 39–53 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Zhang, N., Zhu, J. (2017). Privacy-Preserving Access Control Scheme for Outsourced Data in Cloud. In: Fan, M., Heikkilä, J., Li, H., Shaw, M., Zhang, H. (eds) Internetworked World. WEB 2016. Lecture Notes in Business Information Processing, vol 296. Springer, Cham. https://doi.org/10.1007/978-3-319-69644-7_22
Download citation
DOI: https://doi.org/10.1007/978-3-319-69644-7_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69643-0
Online ISBN: 978-3-319-69644-7
eBook Packages: Computer ScienceComputer Science (R0)