Adopting Multi-mode Access Control for Secure Data Sharing in Cloud
Cloud data sharing introduces new challenges for the enforcement of security controls. Existing approaches are inflexible and inefficient when performing access control. In this paper, we propose a multi-mode access control scheme that supports multiple access strategies for data distributed across different areas of the cloud. We also introduce the concept of a dynamic attribute into the access policy, so that a user's access privileges can be adjusted promptly as the user's characteristics change. Specifically, we present an efficient revocation method in which the server processes the ciphertext using a confusion token. We apply these techniques to design a multi-mode access control system and implement a prototype on the OpenStack platform. Furthermore, we devise a Uniform Access Control Markup Language (UACML) based on XACML, which greatly improves the expressiveness of our multi-mode access control policies. The experimental results show that our scheme has low computational overhead for revocation as well as good flexibility.
Keywords: Cloud, Access control, Dynamic attribute, Revocation
The authors would like to thank the anonymous referees of ICA3PP 2015 for their reviews and suggestions, which improved this paper. This work is supported by the National High Technology Research and Development Program (863 Program) of China under Grant No. 2013AA013203, and by the National Natural Science Foundation of China under Grant No. 61232004.