DOI: 10.1145/2752952.2752972

Commune: Shared Ownership in an Agnostic Cloud

Published: 01 June 2015

Abstract

Cloud storage platforms promise a convenient way for users to share files and engage in collaborations, yet they require all files to have a single owner who unilaterally makes access control decisions. Existing clouds are, thus, agnostic to shared ownership. This can be a significant limitation in many collaborations because, for example, one owner can delete files and revoke access without consulting the other collaborators.
In this paper, we first formally define a notion of shared ownership within a file access control model. We then propose a solution, called Commune, to the problem of distributed enforcement of shared ownership in agnostic clouds, so that access grants require the support of an agreed threshold of owners. Commune can be used in existing clouds without modifications to the platforms. We analyze the security of our solution and evaluate its performance through an implementation integrated with Amazon S3.


    Published In

    SACMAT '15: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies
    June 2015
    242 pages
    ISBN:9781450335560
    DOI:10.1145/2752952

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. cloud security
    2. distributed enforcement
    3. shared ownership

    Qualifiers

    • Research-article

    Conference

    SACMAT '15

    Acceptance Rates

    SACMAT '15 Paper Acceptance Rate 17 of 59 submissions, 29%;
    Overall Acceptance Rate 177 of 597 submissions, 30%

    Cited By

    • (2019) Owner-Centric Sharing of Physical Resources, Data, and Data-Driven Insights in Digital Ecosystems. Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, pp. 73-81. DOI: 10.1145/3322431.3326326. Online publication date: 28-May-2019
    • (2018) How Social Dynamics and the Context of Digital Content Impact Workplace Remix. Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 1-13. DOI: 10.1145/3173574.3174171. Online publication date: 21-Apr-2018
    • (2018) Toward Shared Ownership in the Cloud. IEEE Transactions on Information Forensics and Security, 13:12, pp. 3019-3034. DOI: 10.1109/TIFS.2018.2837648. Online publication date: 1-Dec-2018
    • (2017) Reconciling Security and Functional Requirements in Multi-tenant Clouds. Proceedings of the Fifth ACM International Workshop on Security in Cloud Computing, pp. 11-18. DOI: 10.1145/3055259.3055265. Online publication date: 2-Apr-2017
    • (2017) Achieving Proof of Shared Ownership for the Shared File in Collaborative Cloud Applications. Cloud Computing and Security, pp. 262-274. DOI: 10.1007/978-3-319-68505-2_23. Online publication date: 31-Oct-2017
    • (2017) ms-PoSW: A multi-server aided proof of shared ownership scheme for secure deduplication in cloud. Concurrency and Computation: Practice and Experience, 32:3. DOI: 10.1002/cpe.4252. Online publication date: 25-Aug-2017
    • (2015) Transparent Data Deduplication in the Cloud. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 886-900. DOI: 10.1145/2810103.2813630. Online publication date: 12-Oct-2015
