With the rapid development of computer technology, cloud-based services have become a hot topic. Cloud-based
services not only provide users with convenience, but also bring many security issues. Therefore, the study of access control schemes
that protect users' privacy in the cloud environment is of great significance. In this paper, we present an access control system with
privilege separation based on privacy protection (PS-ACS). In the PS-ACS scheme, we logically divide the users into a personal domain (PSD)
and a public domain (PUD). In the PSD, we set read and write access permissions for users separately. Key-Aggregate
Encryption (KAE) is exploited to implement the read access permission, which improves access efficiency. At the same time, a high degree of
patient privacy is guaranteed by exploiting an Improved Attribute-based Signature (IABS), which can determine
the users' write access. For the users of the PUD, hierarchical attribute-based encryption (HABE) is applied to avoid the issues of
a single point of failure and complicated key distribution. Functional and performance test results show that the PS-ACS scheme
can achieve privacy protection in cloud-based services.
Keywords: