ABAC: Attribute-Based Access Control

  • Kan Yang
  • Xiaohua Jia
Chapter
Part of the SpringerBriefs in Computer Science book series (BRIEFSCOMPUTER)

Abstract

Cloud storage services allow data owners to outsource their data to the cloud and, through it, provide data access to users. Because the cloud server and the data owner are not in the same trust domain, the semi-trusted cloud server cannot be relied upon to enforce the access policy. To address this challenge, traditional methods usually require the data owner to encrypt the data and deliver decryption keys to authorized users. These methods, however, normally involve complicated key management and high overhead on the data owner. In this chapter, we introduce ABAC, an access control framework for cloud storage systems that achieves fine-grained access control based on an adapted Ciphertext-Policy Attribute-based Encryption (CP-ABE) approach. In ABAC, an efficient attribute revocation method is proposed to cope with the dynamic changes of users' access privileges in large-scale systems.

Keywords

Attribute-based Access Control (ABAC); Attribute Revocation; Cloud Storage System; Data Owner; Cloud Server
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© The Author(s) 2014

Authors and Affiliations

  1. Department of Computer Science, City University of Hong Kong, Kowloon, Hong Kong SAR
