Abstract
There has been an increasing trend towards outsourcing data to the cloud to cope with the massive increase in the amount of data. Hence trusted enforcement of access control policies on outsourced data in the cloud has become a significant issue. In this paper we address trusted administration and enforcement of role-based access control policies on data stored in the cloud. Role-based access control (RBAC) simplifies the management of access control policies by creating two mappings; roles to permissions and users to roles. Recently crypto-based RBAC (C-RBAC) schemes have been developed which combine cryptographic techniques and access control to secured data in an outsourced environment. In such schemes, data is encrypted before outsourcing it and the ciphertext data is stored in the untrusted cloud. This ciphertext can only be decrypted by those users who satisfy the role-based access control policies. However such schemes assume the existence of a trusted administrator managing all the users and roles in the system. Such an assumption is not realistic in large-scale systems as it is impractical for a single administrator to manage the entire system. Though administrative models for RBAC systems have been proposed decentralize the administration tasks associated with the roles, these administrative models cannot be used in the C-RBAC schemes, as the administrative policies cannot be enforced in an untrusted distributed cloud environment. In this paper, we propose a trusted administrative model AdC-RBAC to manage and enforce role-based access policies for C-RBAC schemes in large-scale cloud systems. The AdC-RBAC model uses cryptographic techniques to ensure that the administrative tasks such as user, permission and role management are performed only by authorized administrative roles. Our proposed model uses role-based encryption techniques to ensure that only administrators who have the permissions to manage a role can add/revoke users to/from the role and owners can verify that a role is created by qualified administrators before giving out their data. We show how the proposed model can be used in an untrusted cloud while guaranteeing its security using cryptographic and trusted access control enforcement techniques.
| Original language | English |
|---|---|
| Title of host publication | Proceedings |
| Subtitle of host publication | the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2012), the 11th IEEE International Conference on Ubiquitous Computing and Communications (IUCC 2012): 25-27 June 2012, Liverpool, UK |
| Editors | Geyong Min, Yulei Wu, Lei (Chris) Liu, Xiaolong Jin, Stephen Jarvis, Ahmed Y. Al-Dubai |
| Place of Publication | Piscataway, NJ |
| Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
| Pages | 714-721 |
| Number of pages | 8 |
| ISBN (Print) | 9780769547459 |
| DOIs | |
| Publication status | Published - 2012 |
| Event | 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - Liverpool, United Kingdom Duration: 25 Jun 2012 → 27 Jun 2012 |
Other
| Other | 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 |
|---|---|
| Country/Territory | United Kingdom |
| City | Liverpool |
| Period | 25/06/12 → 27/06/12 |