
Access Control Management for Secure Cloud Storage

Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 198)

Abstract

With the widespread success and adoption of cloud-based solutions, we are witnessing an ever increasing reliance on external providers for storing and managing data. This evolution is greatly facilitated by the availability of solutions - typically based on encryption - ensuring the confidentiality of externally outsourced data against the storing provider itself. Selective application of encryption (i.e., with different keys depending on the authorizations holding on data) provides a convenient approach to access control policy enforcement. Effective realization of such policy-based encryption entails addressing several problems related to key management, access control enforcement, and authorization revocation, while ensuring efficiency of access and deployment with current technology. We present the design and implementation of an approach to realize policy-based encryption for enforcing access control in OpenStack Swift. We also report experimental results evaluating and comparing different implementation choices of our approach.

Keywords

Cloud Storage, Cloud Service Provider, Data Owner, Access Control Policy, Access Request
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

This work was supported in part by the EC within the H2020 under grant agreement 644579 (ESCUDO-CLOUD) and within the FP7 under grant agreement 312797 (ABC4EU).

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2017

Authors and Affiliations

  1. Università degli Studi di Bergamo, Bergamo, Italy
  2. Università degli Studi di Milano, Milan, Italy
