Trusted administration of large-scale cryptographic role-based access control systems

Lan Zhou*, Vijay Varadharajan, Michael Hitchens

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

2 Citations (Scopus)


There has been an increasing trend towards outsourcing data to the cloud to cope with the massive increase in the amount of data. Hence trusted enforcement of access control policies on outsourced data in the cloud has become a significant issue. In this paper we address trusted administration and enforcement of role-based access control policies on data stored in the cloud. Role-based access control (RBAC) simplifies the management of access control policies by creating two mappings; roles to permissions and users to roles. Recently crypto-based RBAC (C-RBAC) schemes have been developed which combine cryptographic techniques and access control to secured data in an outsourced environment. In such schemes, data is encrypted before outsourcing it and the ciphertext data is stored in the untrusted cloud. This ciphertext can only be decrypted by those users who satisfy the role-based access control policies. However such schemes assume the existence of a trusted administrator managing all the users and roles in the system. Such an assumption is not realistic in large-scale systems as it is impractical for a single administrator to manage the entire system. Though administrative models for RBAC systems have been proposed decentralize the administration tasks associated with the roles, these administrative models cannot be used in the C-RBAC schemes, as the administrative policies cannot be enforced in an untrusted distributed cloud environment. In this paper, we propose a trusted administrative model AdC-RBAC to manage and enforce role-based access policies for C-RBAC schemes in large-scale cloud systems. The AdC-RBAC model uses cryptographic techniques to ensure that the administrative tasks such as user, permission and role management are performed only by authorized administrative roles. Our proposed model uses role-based encryption techniques to ensure that only administrators who have the permissions to manage a role can add/revoke users to/from the role and owners can verify that a role is created by qualified administrators before giving out their data. We show how the proposed model can be used in an untrusted cloud while guaranteeing its security using cryptographic and trusted access control enforcement techniques.

Original languageEnglish
Title of host publicationProceedings
Subtitle of host publicationthe 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2012), the 11th IEEE International Conference on Ubiquitous Computing and Communications (IUCC 2012): 25-27 June 2012, Liverpool, UK
EditorsGeyong Min, Yulei Wu, Lei (Chris) Liu, Xiaolong Jin, Stephen Jarvis, Ahmed Y. Al-Dubai
Place of PublicationPiscataway, NJ
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Number of pages8
ISBN (Print)9780769547459
Publication statusPublished - 2012
Event11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - Liverpool, United Kingdom
Duration: 25 Jun 201227 Jun 2012


Other11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012
CountryUnited Kingdom


Dive into the research topics of 'Trusted administration of large-scale cryptographic role-based access control systems'. Together they form a unique fingerprint.

Cite this