Protecting Resources and Regulating Access in Cloud-Based Object Storage

Part of the Lecture Notes in Computer Science book series (LNCS, volume 11170)


Cloud storage services offer a variety of benefits that make them extremely attractive for the management of large amounts of data. These services, however, raise concerns about the proper protection of data that, being stored on the servers of third-party cloud providers, are no longer under the data owner's control. The research and development community has addressed these concerns by proposing solutions where encryption is adopted not only for protecting data but also for regulating access. Depending on the trust assumption on the cloud provider offering the storage service, encryption can be applied at the server side, at the client side, or through a hybrid approach. The goal of this chapter is to survey these encryption-based solutions and to provide a description of some representative systems that adopt such solutions.



This work was supported in part by the EC within the H2020 under grant agreement 644579 (ESCUDO-CLOUD) and within the FP7 under grant agreement 312797 (ABC4EU).



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. Università degli Studi di Bergamo, Bergamo, Italy
  2. Università degli Studi di Milano, Milan, Italy
