Adopting Multi-mode Access Control for Secure Data Sharing in Cloud

  • Chunhua Li
  • Ronglei Wei
  • Zebang Wu
  • Ke Zhou
  • Cheng Lei
  • Hao Jin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9530)

Abstract

Cloud data sharing introduces a new challenge to the enforcement of security controls. Existing approaches are inflexible and inefficient when performing access control. In this paper, we propose a multi-mode access control scheme, which can support multiple access strategies for data distributed across different areas in the cloud. Meanwhile, we introduce the concept of a dynamic attribute into the access policy to adjust a user's access privileges promptly according to the user's changing characteristics. Specifically, we present an efficient revocation method which uses a confusion token to process the ciphertext at the server. We apply these techniques to design a multi-mode access control system and implement the prototype based on the OpenStack platform. Furthermore, we devise a Uniform Access Control Markup Language (UACML) based on XACML, which greatly improves the expressiveness of our multi-mode access control policies. The experimental results show that our scheme has low computational overhead for revocation as well as good flexibility.

Keywords

Cloud, Access control, Dynamic attribute, Revocation

Notes

Acknowledgments

Firstly, the authors would like to thank the anonymous referees of ICA3PP 2015 for their reviews and suggestions to improve this paper. Secondly, the work is supported by the National High Technology Research and Development Program (863 Program) of China under Grant No. 2013AA013203, and also supported by the National Natural Science Foundation of China under Grant No. 61232004.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Chunhua Li (1)
  • Ronglei Wei (1)
  • Zebang Wu (1)
  • Ke Zhou (1)
  • Cheng Lei (1)
  • Hao Jin (1)

  1. Wuhan National Lab for Optoelectronics, Huazhong University of Science and Technology, Wuhan, China
