Role-Based Access Control Model for Cloud Storage Using Identity-Based Cryptosystem


As the security of cloud storage cannot be effectively guaranteed, many users are reluctant to upload their key data to the cloud, which seriously hinders the development of cloud storage. Since ensuring the confidentiality of user data and preventing unauthorized access is the key to solving the security problems of cloud storage, much cryptographic research has proposed combining cryptographic techniques with an access control model to guarantee data security on untrusted cloud providers. However, the vast majority of existing access control schemes for ciphertext in cloud storage do not support dynamic updates of access control policies, and their computational overhead is very large. This is contrary to the needs of most practical applications, which work with dynamic data and need low computation cost. To solve this problem, we combine an identity-based cryptosystem (IBC) with the role-based access control (RBAC) model and propose an RBAC scheme for ciphertext in cloud storage (in this paper we use the RBAC1 model, which is a richer access control model). We also give the formal definitions of our scheme, a detailed description of the four tuple used to represent the access control strategy, and the hybrid encryption strategy and write-time re-encryption strategy, which are designed to improve system efficiency. The detailed construction processes of our scheme are also given, which include system initialization, adding and deleting users, adding and deleting permissions, adding and deleting roles, adding and deleting role inheritance, assigning and removing a user, assigning and removing a permission, and the read and write file algorithms. Finally, we analyze the scheme and prove that it is correct, access control preserving (AC-preserving) and secure.





This work is supported, in part, by the National Natural Science Foundation of China under grant No. 61872069, in part, by the Fundamental Research Funds for the Central Universities (N171704005), in part, by the Shenyang Science and Technology Plan Projects (18-013-0-01).

Author information

Correspondence to Jian Xu.


Cite this article

Xu, J., Yu, Y., Meng, Q. et al. Role-Based Access Control Model for Cloud Storage Using Identity-Based Cryptosystem. Mobile Netw Appl (2020).



  • Access control
  • Cloud storage
  • RBAC
  • Identity-based cryptosystem