Towards Secure Cloud Database with Fine-Grained Access Control

  • Michael G. Solomon
  • Vaidy Sunderam
  • Li Xiong
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8566)


Abstract

Outsourcing data to cloud environments offers ease of access, provisioning, and cost benefits, but makes the data more vulnerable to disclosure. The loss of direct control over the data can be offset through encryption, but this approach typically requires a fully trusted third-party key authority, one that sees every key, to handle key management, which adds overhead and complexity. We present the ZeroVis framework, which provides confidentiality for data stored in a cloud environment without requiring a third-party key manager. It combines fine-grained access control with the ability to search over encrypted data, so that existing applications can migrate to cloud environments with minimal software changes while the data provider retains control over who can consume the data.


Keywords

  • Confidentiality
  • Searchable Encryption
  • Ciphertext Policy
  • Fine-grained Access Control
  • Cloud
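The abstract combines two properties: the cloud server must answer queries over data it cannot read, and only key-holding parties may decrypt. The following is an added example, not code from the paper or the ZeroVis framework, illustrating only the "search over encrypted data" half with the simplest well-known construction: deterministic HMAC search tokens per (column, keyword) pair, plus encrypt-then-MAC of the row payload. The `Client` and `CloudServer` classes, the HMAC-counter stream cipher, and the three sample records are all constructed for this illustration; the paper's actual scheme, which uses ciphertext-policy attribute-based encryption for the access-control half, is not reproduced here.

```python
# Added example (not from the paper): equality search over encrypted rows.
# Client derives sub-keys from one master key; the untrusted server stores
# only search tokens and ciphertexts and never sees keys or plaintext.
import hashlib
import hmac
import secrets
from dataclasses import dataclass

NONCE_LEN = 16
TAG_LEN = 32


def _derive(master_key: bytes, label: bytes) -> bytes:
    """Derive a purpose-specific sub-key from the client's master key."""
    return hmac.new(master_key, label, hashlib.sha256).digest()


class Client:
    """Data owner or authorised reader: the only party holding key material."""

    def __init__(self, master_key: bytes) -> None:
        self.k_search = _derive(master_key, b"search-token")
        self.k_enc = _derive(master_key, b"row-encryption")
        self.k_mac = _derive(master_key, b"row-integrity")

    def token(self, column: str, keyword: str) -> bytes:
        """Deterministic search token: equal (column, keyword) -> equal token."""
        msg = column.encode() + b"\x00" + keyword.encode()
        return hmac.new(self.k_search, msg, hashlib.sha256).digest()

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        """Toy HMAC-in-counter-mode keystream (illustrative, not for production)."""
        out = b""
        counter = 0
        while len(out) < length:
            out += hmac.new(self.k_enc, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def encrypt(self, plaintext: bytes) -> bytes:
        """Encrypt-then-MAC; output layout is nonce || body || tag."""
        nonce = secrets.token_bytes(NONCE_LEN)
        body = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self.k_mac, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def decrypt(self, blob: bytes) -> bytes:
        """Verify the tag before touching the body; reject any modification."""
        nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self.k_mac, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("ciphertext integrity check failed")
        return bytes(c ^ k for c, k in zip(body, self._keystream(nonce, len(body))))


@dataclass
class StoredRow:
    tokens: frozenset
    ciphertext: bytes


class CloudServer:
    """Untrusted storage: matches tokens by equality, cannot decrypt anything."""

    def __init__(self) -> None:
        self.rows: dict[int, StoredRow] = {}

    def insert(self, row_id: int, tokens, ciphertext: bytes) -> None:
        self.rows[row_id] = StoredRow(frozenset(tokens), ciphertext)

    def search(self, token: bytes) -> list:
        return [(rid, r.ciphertext) for rid, r in sorted(self.rows.items()) if token in r.tokens]

    def token_frequencies(self) -> dict:
        """What a curious server still learns: which rows share a hidden value."""
        counts: dict = {}
        for r in self.rows.values():
            for t in r.tokens:
                counts[t] = counts.get(t, 0) + 1
        return counts


# Constructed sample records (not from the paper): searchable columns + payload.
SAMPLE_ROWS = [
    (1, {"dept": "cardiology", "city": "Atlanta"}, b"Alice, MRN 1001"),
    (2, {"dept": "oncology", "city": "Atlanta"}, b"Bob, MRN 1002"),
    (3, {"dept": "cardiology", "city": "Boston"}, b"Carol, MRN 1003"),
]


def build_outsourced_db(client: Client, server: CloudServer) -> None:
    for row_id, searchable, payload in SAMPLE_ROWS:
        tokens = {client.token(col, val) for col, val in searchable.items()}
        server.insert(row_id, tokens, client.encrypt(payload))


def lookup(client: Client, server: CloudServer, column: str, keyword: str) -> list:
    """Client-side query: send one token, decrypt whatever the server returns."""
    return [client.decrypt(ct) for _, ct in server.search(client.token(column, keyword))]


def tamper_detected(client: Client) -> bool:
    blob = client.encrypt(b"sensitive")
    flipped = blob[:NONCE_LEN] + bytes([blob[NONCE_LEN] ^ 0x01]) + blob[NONCE_LEN + 1:]
    try:
        client.decrypt(flipped)
        return False
    except ValueError:
        return True


def run_demo() -> dict:
    client = Client(secrets.token_bytes(32))
    server = CloudServer()
    build_outsourced_db(client, server)
    other = Client(secrets.token_bytes(32))  # a reader without the owner's key
    return {
        "hits": lookup(client, server, "dept", "cardiology"),
        "wrong_key_hits": len(server.search(other.token("dept", "cardiology"))),
        "max_token_frequency": max(server.token_frequencies().values()),
        "tamper_detected": tamper_detected(client),
    }


if __name__ == "__main__":
    print(run_demo())
```

The check a practitioner should take from `token_frequencies` is the caveat: deterministic tokens let the server answer equality queries, but they also reveal which rows share a value and how often, so a server that knows the data distribution can infer some plaintexts. The access-control half, deciding which readers receive keys for which rows, is what the paper's ciphertext-policy approach addresses and is outside this snippet.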



Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Michael G. Solomon (1)
  • Vaidy Sunderam (1)
  • Li Xiong (1)
  1. Department of Mathematics & Computer Science, Emory University, Atlanta, USA
