Abstract
With the rapid increase in the amount of digital information that needs to be stored, cloud storage has attracted much attention in recent times because of its ability to deliver storage resources to users on demand in a cost-effective manner. The cloud can provide a scalable, high-performance storage architecture and can help to significantly reduce the cost of maintaining individual services.
Notes
1. In this chapter, when we use the word cloud, we are referring to a public cloud.
2. We will use access control and authorisation interchangeably in this chapter and will not enter into a detailed discussion on the differences between these two terms.
3. In systems where there is a small number of users, the \(\mathsf{GA}\) can act as the role manager and manage the user membership of each role, which keeps the system compact. In large-scale systems, however, it is infeasible for a single party to manage all the users, so separate role managers make user management more flexible and efficient.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Zhou, L., Varadharajan, V., Hitchens, M. (2014). Cryptographic Role-Based Access Control for Secure Cloud Data Storage Systems. In: Nepal, S., Pathan, M. (eds) Security, Privacy and Trust in Cloud Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38586-5_11
DOI: https://doi.org/10.1007/978-3-642-38586-5_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38585-8
Online ISBN: 978-3-642-38586-5
eBook Packages: Engineering (R0)