Cryptographic Role-Based Access Control for Secure Cloud Data Storage Systems

Abstract

With the rapid increase in the amount of digital information that needs to be stored, cloud storage has attracted much attention in recent times because of its ability to deliver storage resources to users on demand in a cost-effective manner. The cloud can provide a scalable high-performance storage architecture, and can help to significantly reduce the cost of maintenance of individual services.

Notes

  1. In this chapter, when we use the word cloud, we are referring to a public cloud.

  2. We will use access control and authorisation interchangeably in this chapter and will not enter into a detailed discussion on the differences between these two terms.

  3. In systems where there is a small number of users, the \(\mathsf{GA}\) can act as the role manager, managing the user membership of each role, to keep the system compact. However, in large-scale systems it is infeasible for a single party to manage all the users; separate role managers therefore make user management more flexible and efficient.

Author information

Correspondence to Vijay Varadharajan.

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Zhou, L., Varadharajan, V., Hitchens, M. (2014). Cryptographic Role-Based Access Control for Secure Cloud Data Storage Systems. In: Nepal, S., Pathan, M. (eds) Security, Privacy and Trust in Cloud Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38586-5_11

  • DOI: https://doi.org/10.1007/978-3-642-38586-5_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38585-8

  • Online ISBN: 978-3-642-38586-5

  • eBook Packages: Engineering, Engineering (R0)
