Abstract
With the rapid and wide adoption of cloud computing, data outsourcing in cloud storage is gaining attention due to its cost effectiveness, reliability and availability. However, data outsourcing introduces new data security and privacy issues; access control and cryptography are therefore essential ingredients in a cloud computing environment to assure the confidentiality of the outsourced data. Existing access control systems suffer from manual user-role and role-permission assignments that impose online and computational burdens on the data owner in large-scale cloud systems. In this paper, a hierarchical attribute-driven role-based access control system is proposed, such that the user-role assignments can be automatically constructed using policies applied on the attributes of users and roles. The proposed access control system consequently solves the scalability and key management problems in cloud storage systems.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Abo-alian, A., Badr, N.L., Tolba, M.F. (2016). Hierarchical Attribute-Role Based Access Control for Cloud Computing. In: Gaber, T., Hassanien, A., El-Bendary, N., Dey, N. (eds) The 1st International Conference on Advanced Intelligent System and Informatics (AISI2015), November 28-30, 2015, Beni Suef, Egypt. Advances in Intelligent Systems and Computing, vol 407. Springer, Cham. https://doi.org/10.1007/978-3-319-26690-9_34
DOI: https://doi.org/10.1007/978-3-319-26690-9_34
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26688-6
Online ISBN: 978-3-319-26690-9
eBook Packages: Computer Science, Computer Science (R0)