Author: Nisha Ranjan Sah
Date of Publication: 31st May 2017
Abstract: Most current security solutions are based on perimeter security. However, Cloud computing breaks the organizational perimeter. When data resides in the Cloud, it resides outside the organizational boundary. This leads users to a loss of control over their data and raises reasonable security concerns that slow down the adoption of Cloud computing. Is the Cloud service provider accessing the data? Is it legitimately applying the access control policy defined by the user? This paper presents a data-centric access control solution with enriched role-based expressiveness in which security is focused on protecting user data regardless of the Cloud service provider that holds it. Novel identity-based and proxy re-encryption techniques are used to protect the authorization model. Data is encrypted and authorization rules are cryptographically protected to preserve user data against access or misbehavior by the service provider. The authorization model provides high expressiveness with role hierarchy and resource hierarchy support. The solution takes advantage of the logic formalism provided by Semantic Web technologies, which enables advanced rule management such as semantic conflict detection. A proof-of-concept implementation has been developed, and a working prototypical deployment of the proposal has been integrated within Google services.
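The abstract makes two concrete claims that are easier to see in code: the provider re-encrypts data for an authorized user without ever being able to read it, and authorization is decided over a role hierarchy and a resource hierarchy. The following is an added example written for this page, not code from the paper or its prototype. It uses a Blaze-Bleumer-Strauss style ElGamal proxy re-encryption over a toy-sized safe-prime group as a stand-in for the paper's identity-based scheme, and a small constructed policy (roles `admin > editor > viewer`, a `/reports` folder tree, users `alice`, `bob` and `mallory`). All names, keys and rules are assumptions for illustration; the Semantic Web rule management the abstract mentions is not modelled.

```python
import secrets

# Toy cyclic group: safe prime P = 2*Q + 1, G generates the subgroup of prime order Q.
# Toy size so the numbers stay readable; real deployments use >= 2048-bit groups
# or elliptic curves (assumed parameters, constructed for this example).
P, Q, G = 1019, 509, 4

def keygen():
    """Return (secret, public) ElGamal keys."""
    sk = secrets.randbelow(Q - 1) + 1            # uniform in 1..Q-1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    """Ciphertext (m * g^k, pk^k); m must be an integer in 1..P-1."""
    k = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, k, P)) % P, pow(pk, k, P)

def decrypt(sk, ct):
    """Recover m: c2^(1/sk) = g^k, then divide it out of c1."""
    c1, c2 = ct
    g_k = pow(c2, pow(sk, -1, Q), P)
    return (c1 * pow(g_k, -1, P)) % P

def rekey(sk_from, sk_to):
    """Re-encryption key sk_to / sk_from mod Q. This toy scheme is
    bidirectional and needs both secrets; identity-based schemes avoid that."""
    return (sk_to * pow(sk_from, -1, Q)) % Q

def reencrypt(rk, ct):
    """Proxy step run by the storage provider: turns a ciphertext for
    sk_from into one for sk_to. The proxy holds neither secret key and
    never sees m."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

# Constructed sample policy. Senior roles inherit the permissions of junior
# roles, and a rule granted on a folder applies to everything beneath it.
ROLE_JUNIORS = {"admin": {"editor"}, "editor": {"viewer"}, "viewer": set()}
RESOURCE_PARENT = {
    "/reports/2017/q1.pdf": "/reports/2017",
    "/reports/2017": "/reports",
    "/reports": None,
    "/hr/salaries.csv": "/hr",
    "/hr": None,
}
RULES = {("viewer", "/reports", "read"), ("admin", "/hr", "read")}
USER_ROLES = {"alice": {"editor"}, "bob": {"viewer"}, "mallory": set()}

def effective_roles(roles):
    """Transitive closure over the role hierarchy."""
    seen, todo = set(), list(roles)
    while todo:
        r = todo.pop()
        if r not in seen:
            seen.add(r)
            todo.extend(ROLE_JUNIORS.get(r, ()))
    return seen

def resource_chain(res):
    """The resource followed by its ancestors up to the root."""
    while res is not None:
        yield res
        res = RESOURCE_PARENT.get(res)

def is_authorized(user, resource, action):
    roles = effective_roles(USER_ROLES.get(user, set()))
    return any((r, res, action) in RULES
               for r in roles for res in resource_chain(resource))

def provider_fetch(user, resource, stored_ct, rekeys):
    """Storage provider side: enforce the rule, then re-encrypt for the
    requester. It only ever handles ciphertext and re-encryption keys."""
    if not is_authorized(user, resource, "read"):
        return None
    return reencrypt(rekeys[user], stored_ct)

def demo():
    """Owner stores an encrypted data key; alice (editor, hence viewer) reads it."""
    owner_sk, owner_pk = keygen()
    alice_sk, _ = keygen()
    data_key = 777                                  # symmetric key protecting the file
    stored = encrypt(owner_pk, data_key)            # what the provider keeps
    rekeys = {"alice": rekey(owner_sk, alice_sk)}   # owner delegates to alice
    served = provider_fetch("alice", "/reports/2017/q1.pdf", stored, rekeys)
    return decrypt(alice_sk, served)                # -> 777
```

The point to take from running it: `provider_fetch` for `mallory` or for `bob` on `/hr/salaries.csv` returns nothing, and even for `alice` the provider's own computation (`reencrypt`) operates only on ciphertext and a re-encryption key, so a misbehaving provider can at worst refuse or mis-route service, not read the data. In the real scheme the rules themselves would also be cryptographically protected rather than held in a plain Python set.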