Abstract
Cloud Storage, which provides cost-efficient and scalable storage services, has emerged as a hot paradigm today. As promising as it is, Cloud Storage also brings forth security challenges. Sensitive data may be outsourced for sharing on cloud storage servers, which are not within the same trusted domain as the data owner (DO). To keep the data confidential against unauthorized parties, cryptographic access control must be applied. Existing methods usually require that the access policies be fully managed by the DO, which could lead to a DO-side bottleneck. This paper addresses the issue by implementing cryptographic Role-Based Access Control via ciphertext-policy attribute-based encryption (CP-ABE). The access policies are divided into two parts, Permission Assignments (PAs) and Role Assignments (RAs), and we develop an approach called propagation to allow RAs to be handled effectively by users besides the DO. Since most of the dynamic policies in the Cloud are triggered by RAs, the bottleneck could be successfully avoided.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hong, C., lv, Z., Zhang, M., Feng, D. (2011). A Secure and Efficient Role-Based Access Policy towards Cryptographic Cloud Storage. In: Wang, H., Li, S., Oyama, S., Hu, X., Qian, T. (eds) Web-Age Information Management. WAIM 2011. Lecture Notes in Computer Science, vol 6897. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23535-1_24
DOI: https://doi.org/10.1007/978-3-642-23535-1_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23534-4
Online ISBN: 978-3-642-23535-1
eBook Packages: Computer Science (R0)