Abstract
Cloud data sharing introduces a new challenge to the enforcement of security controls. Existing approaches are inflexible and inefficient when performing access control. In this paper, we propose a multi-mode access control scheme that supports multiple access strategies for data distributed across different areas in the cloud. We also introduce the concept of dynamic attributes into the access policy, so that a user's access privileges can be adjusted promptly according to the user's changeable characteristics. Specifically, we present an efficient revocation method that uses a confusion token to process the ciphertext at the server. We apply these techniques to design a multi-mode access control system and implement a prototype on the OpenStack platform. Furthermore, we devise a Uniform Access Control Markup Language (UACML) based on XACML, which greatly improves the expressiveness of our multi-mode access control policies. The experimental results show that our scheme has low computational overhead for revocation as well as good flexibility.
Acknowledgments
Firstly, the authors would like to thank the anonymous referees of ICA3PP 2015 for their reviews and suggestions to improve this paper. Secondly, the work is supported by the National High Technology Research and Development Program (863 Program) of China under Grant No. 2013AA013203, and also supported by the National Natural Science Foundation of China under Grant No. 61232004.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Li, C., Wei, R., Wu, Z., Zhou, K., Lei, C., Jin, H. (2015). Adopting Multi-mode Access Control for Secure Data Sharing in Cloud. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science, vol 9530. Springer, Cham. https://doi.org/10.1007/978-3-319-27137-8_39
DOI: https://doi.org/10.1007/978-3-319-27137-8_39
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27136-1
Online ISBN: 978-3-319-27137-8
eBook Packages: Computer Science, Computer Science (R0)