Role-Based Access Control Model for Cloud Storage Using Identity-Based Cryptosystem

  • Jian XuEmail author
  • Yanbo Yu
  • Qingyu Meng
  • Qiyu Wu
  • Fucai Zhou


As the security of cloud storage cannot be effectively guaranteed, many users are reluctant to upload their key data to the cloud for storage, which seriously hinders the development of cloud storage. Since ensuring the confidentiality of user data and avoiding unauthorized access is the key to solving the security problems of cloud storage, there has been much cryptographic research proposing the use of the combination of cryptography technologies and access control model to guarantee the data security on untrusted cloud providers. However, the vast majority of existing access control schemes for ciphertext in cloud storage do not support the dynamic update of access control policies, and the computational overhead is also very large. This is contrary to the needs of most practical applications, which leverage dynamic data and need low computation cost. To solve this problem, combined with identity-based cryptosystem (IBC) and role-based access control (RBAC) model, we propose an RBAC (In this paper we use RBAC1 model which is richer access control model)) scheme for ciphertext in cloud storage. We also give the formal definitions of our scheme, a detailed description of four tuple used to represent access control strategy, the hybrid encryption strategy and write-time re-encryption strategy, which are designed for improving the system efficiency. The detailed construction processes of our scheme which. Include system initialization, add and delete users, add and delete permissions, add and delete roles, add and delete role inheritance, assign and remove user, assign and remove permission, read and write file algorithm are also given. Finally, we analyze the scheme and prove that it is correct,

access control preserving (AC- preserving) and secure.


Access control Cloud storage RBAC Identity-based cryptosystem 



This work is supported, in part, by the National Natural Science Foundation of China under grant No. 61872069, in part, by the Fundamental Research Funds for the Central Universities (N171704005), in part, by the Shenyang Science and Technology Plan Projects (18-013-0-01).


  1. 1.
    Liu Z, Chen X, Yang J et al (2016) New order preserving encryption model for outsourced databases in cloud environments. J Netw Comput Appl 59:198–207CrossRefGoogle Scholar
  2. 2.
    Xu J, Wei L, Zhang Y et al (2018) Dynamic fully Homomorphic encryption-based Merkle tree for lightweight streaming authenticated data structures. J Netw Comput Appl 107:113–124CrossRefGoogle Scholar
  3. 3.
    Liu Z, Huang Y et al (2018) DivORAM: towards a practical oblivious RAM with variable block size. Inf Sci 447:1–11CrossRefGoogle Scholar
  4. 4.
    Liu Z, Li B, Huang Y et al (2019) NewMCOS: towards a practical multi-cloud oblivious storage scheme. IEEE Trans Knowl Data Eng.
  5. 5.
    Yue X, Chen B, Wang X et al (2018) An efficient and secure anonymous authentication scheme for VANETs based on the framework of group signatures. IEEE Access 6:62584–62600CrossRefGoogle Scholar
  6. 6.
    Wang C, Chow S, Wang Q et al (2013) Privacy-preserving public auditing for secure cloud storage. IEEE Trans Comput 62(2):362–375MathSciNetCrossRefGoogle Scholar
  7. 7.
    Jung Y, Chung M (2010) Adaptive security management model in the cloud computing environment. In: The 12th international conference on advanced communication technology (ICACT), Phoenix Park, South Korea, pp 1664–1669Google Scholar
  8. 8.
    Freudenthal E, Pesin T, Port L et al (2002) dRBAC: distributed role-based access control for dynamic coalition environments. In: The 22nd international conference on distributed computing systems (ICDCD), Vienna, Austria, pp 411–420Google Scholar
  9. 9.
    Choi C, Choi J, Kim P (2014) Ontology-based access control model for security policy reasoning in cloud computing. J Supercomput 67(3):711–722CrossRefGoogle Scholar
  10. 10.
    Chen D, Huang X, Ren X (2009) Access control of cloud service based on UCON. In: IEEE international conference on cloud computing (CloudCom), Beijing, China, pp 559–564Google Scholar
  11. 11.
    Krautsevich L, Lazouski A, Martinelli F et al (2010) Risk-aware usage decision making in highly dynamic systems. In: 5th international conference on internet monitoring and protection (ICIMP), Barcelona, Spain, pp 29–34Google Scholar
  12. 12.
    Sahai A, Waters B (2005) Fuzzy identity-based encryption. In: International conference on theory and applications of cryptographic techniques (EUROCRYPT), Aarhus, Denmark, pp 457–473Google Scholar
  13. 13.
    Goyal V, Pandey O, Sahai A et al (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the ACM conference on computer and communications security (CCS), Alexandria, Virginia, USA, pp 89–98Google Scholar
  14. 14.
    Ostrovsky R, Sahai A, Waters B (2007) Attribute-based encryption with non-monotonic access structures. In: Acm conference on computer and communications security (CCS), Alexandria, Virginia, USA, pp 195–203Google Scholar
  15. 15.
    Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: 2007 IEEE symposium on security and privacy (SP), Berkeley, CA, USA, pp 321–334CrossRefGoogle Scholar
  16. 16.
    Sun G, Yu D, Yun L (2011) CP-ABE based data access control for cloud storage. J Commun 32(7):146–152Google Scholar
  17. 17.
    Goyal V, Jain A, Pandey O et al (2008) Bounded Ciphertext policy attribute based encryption. In: The 35th international colloquium on automata, languages and programming, Reykjavik, Iceland, pp 579–591CrossRefGoogle Scholar
  18. 18.
    Jung T, Li X, Wan Z et al (2013) Privacy preserving cloud data access with multi-authorities. In: 2013 IEEE INFOCOM, Turin, Italy, pp 2625–2633CrossRefGoogle Scholar
  19. 19.
    Ruj S, Stojmenovic M, Nayak A (2012) Privacy preserving access control with authentication for securing data in clouds. In: 12th IEEE/ACM international symposium on cluster, cloud and grid computing (CCGRID), Ottawa, ON, Canada, pp 556–563Google Scholar
  20. 20.
    Yu S, Wang C, Ren K et al (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: 2010 IEEE INFOCOM, San Diego, CA, USA, pp 1–9Google Scholar
  21. 21.
    Hur J, Dong K (2011) Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans Parallel Distrib Syst 22(7):1214–1221CrossRefGoogle Scholar
  22. 22.
    Chen D, Shao J, Fan X et al (2014) MAH-ABE based privacy access control in cloud computing. Acta Electron Sin 42(4):821–827Google Scholar
  23. 23.
    Garrison W, Shull A, Myers S et al (2016) On the practicality of cryptographically enforcing dynamic access control policies in the cloud. In: 2016 IEEE symposium on security and privacy (SP), San Jose, CA, USA, pp 819–838CrossRefGoogle Scholar
  24. 24.
    Hinrichs T, Martinoia D, Garrison W et al (2013) Application-sensitive access control evaluation using parameterized expressiveness. In: IEEE 26th computer security foundations symposium, New Orleans, LA, USA, pp 145–160Google Scholar
  25. 25.
    Ene A, Horne W, Milosavljevic N et al (2008) Fast exact and heuristic methods for role minimization problems. In: The 13th ACM symposium on access control models and technologies (SACMAT), Estes Park, CO, USA, pp 1–10Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2020

Authors and Affiliations

  1. 1.Software CollegeNortheastern UniversityShenyangChina

Personalised recommendations