A Secure and Efficient Role-Based Access Policy towards Cryptographic Cloud Storage

  • Conference paper
Web-Age Information Management (WAIM 2011)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 6897)

Abstract

Cloud Storage, which provides cost-efficient and scalable storage services, has emerged as a hot paradigm today. As promising as it is, Cloud Storage also brings forth security challenges. Sensitive data may be outsourced for sharing on cloud storage servers, which are not within the same trusted domain as the data owner (DO). To keep the data confidential against unauthorized parties, cryptographic access control must be applied. Existing methods usually require that the access policies be fully managed by the DO, which could lead to a DO-side bottleneck. This paper addresses the issue by implementing cryptographic Role-Based Access Control via CP-ABE. The access policies are divided into two parts, Permission Assignments (PAs) and Role Assignments (RAs), and we develop an approach called propagation to allow RAs to be handled effectively by users besides the DO. Since most of the dynamic policies in the Cloud are triggered by RAs, the bottleneck could be successfully avoided.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hong, C., Lv, Z., Zhang, M., Feng, D. (2011). A Secure and Efficient Role-Based Access Policy towards Cryptographic Cloud Storage. In: Wang, H., Li, S., Oyama, S., Hu, X., Qian, T. (eds) Web-Age Information Management. WAIM 2011. Lecture Notes in Computer Science, vol 6897. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23535-1_24

  • DOI: https://doi.org/10.1007/978-3-642-23535-1_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-23534-4

  • Online ISBN: 978-3-642-23535-1

  • eBook Packages: Computer Science, Computer Science (R0)
