Enforcing role-based access control for secure data storage in the cloud

Lan Zhou*, Vijay Varadharajan, Michael Hitchens

*Corresponding author for this work

Research output: Contribution to journal > Article > peer-review

84 Citations (Scopus)


In recent times, there has been increasing interest in storing data securely in the cloud environment. To provide owners of data stored in the cloud with flexible control over access to their data by other users, we propose a role-based encryption (RBE) scheme for secure cloud storage. Our scheme allows the owner of data to store it in an encrypted form in the cloud and to grant access to that data for users with specific roles. The scheme specifies a set of roles to which the users are assigned, with each role having a set of permissions. The data owner can encrypt the data and store it in the cloud in such a way that only users with specific roles can decrypt the data. Anyone else, including the cloud providers themselves, will not be able to decrypt the data. We describe such an RBE scheme using a broadcast encryption algorithm. The paper describes the security analysis of the proposed scheme and gives proofs showing that the proposed scheme is secure against attacks. We also analyse the efficiency and performance of our scheme and show that it has superior characteristics compared with other previously published schemes.

Original language: English
Pages (from-to): 1675-1687
Number of pages: 13
Journal: Computer Journal
Issue number: 10
Publication status: Published - Oct 2011


