Journal Home > Volume 21 , Issue 1
Tsinghua Science and Technology 2016, 21(1): 40-54 https://doi.org/10.1109/TST.2016.7399282
Open Access | Issue | Published: 04 February 2016

Privacy Preserving and Delegated Access Control for Cloud Applications

Show Author's Information Xinfeng Ye( )
Department of Computer Science, The University of Auckland, Auckland 1142, New Zealand.
Keywords:
cloud computing, security, access control
Cite this article:
Ye X. Privacy Preserving and Delegated Access Control for Cloud Applications. Tsinghua Science and Technology, 2016, 21(1): 40-54. https://doi.org/10.1109/TST.2016.7399282
Download citation
EndNote(RIS)
BibTeX

440

Views

16

Downloads

Citations

9

Crossref

N/A

WoS

11

Scopus

2

CSCD

Abstract Full text About this article

In cloud computing applications, users’ data and applications are hosted by cloud providers. This paper proposed an access control scheme that uses a combination of discretionary access control and cryptographic techniques to secure users’ data and applications hosted by cloud providers. Many cloud applications require users to share their data and applications hosted by cloud providers. To facilitate resource sharing, the proposed scheme allows cloud users to delegate their access permissions to other users easily. Using the access control policies that guard the access to resources and the credentials submitted by users, a third party can infer information about the cloud users. The proposed scheme uses cryptographic techniques to obscure the access control policies and users’ credentials to ensure the privacy of the cloud users. Data encryption is used to guarantee the confidentiality of data. Compared with existing schemes, the proposed scheme is more flexible and easy to use. Experiments showed that the proposed scheme is also efficient.


menu
Abstract
Full text
Outline
About this article

Privacy Preserving and Delegated Access Control for Cloud Applications

Show Author's information Xinfeng Ye( )
Department of Computer Science, The University of Auckland, Auckland 1142, New Zealand.

Abstract

In cloud computing applications, users’ data and applications are hosted by cloud providers. This paper proposed an access control scheme that uses a combination of discretionary access control and cryptographic techniques to secure users’ data and applications hosted by cloud providers. Many cloud applications require users to share their data and applications hosted by cloud providers. To facilitate resource sharing, the proposed scheme allows cloud users to delegate their access permissions to other users easily. Using the access control policies that guard the access to resources and the credentials submitted by users, a third party can infer information about the cloud users. The proposed scheme uses cryptographic techniques to obscure the access control policies and users’ credentials to ensure the privacy of the cloud users. Data encryption is used to guarantee the confidentiality of data. Compared with existing schemes, the proposed scheme is more flexible and easy to use. Experiments showed that the proposed scheme is also efficient.

Keywords: cloud computing, security, access control

References(28)

[1]
Nabeel M., Shang N., and Bertino E., Privacy preserving policy based content sharing in public clouds, IEEE Transactions on Knowledge and Data Engineering, vol. 25, no. 11, pp. 2602–2614, 2013.
DOI Google Scholar
[2]
Puttaswamy K. P. N., Kruegel C., and Zhao B. Y., Silverline: Toward data confidentiality in storage-intensive cloud applications, in Proceedings of the 2nd ACM Symposium on Cloud Computing, New York, NY, USA, 2011.
[3]
Song D., Shi E., Fischer I., and Shankar U., Cloud data protection for the masses, Computer, vol. 45, no. 1, pp. 39–45, 2012.
DOI Google Scholar
[4]
Yu S., Wang C., Ren K., and Lou W., Achieving secure, scalable, and fine-grained data access control in cloud computing, in Proceedings of the 29th Conference on Information Communications, Piscataway, NJ, USA, 2010, pp. 534–542.
[5]
Xu X., From cloud computing to cloud manufacturing, Robotics and Computer-Integrated Manufacturing, vol. 28, no. 1, pp. 75–86, 2012.
DOI Google Scholar
[6]
Xu Y., Dunn A. M., Hofmann O. S., Lee M. Z., Mehdi S. A., and Witchel E., Application-defined decentralized access control, in Proceedings of the 2014 USENIX Conference, Berkeley, CA, USA, 2014, pp. 395–408.
[7]
Liu D. and Zic J., User-controlled identity provisioning for secure account sharing, in Proceedings of the 2014 IEEE International Conference on Cloud Computing, Washington, DC, USA, 2014, pp. 644–651.
[8]
She W., Yen I., Thuraisingham B., and Bertino E., The SCIFC model for information flow control in web service composition, in Proceedings of the 2009 IEEE International Conference on Web Services, Washington, DC, USA, 2009, pp. 1–8.
[9]
Squicciarini A. C., Bertino E., Ferrari E., and Ray I., Achieving privacy in trust negotiations with an ontology-based approach, IEEE Trans. Dependable Secur. Comput., vol. 3, no. 1, pp. 13–30, 2006.
DOI Google Scholar
[10]
Ye X. and Khoussainov B., Fine-grained access control for cloud computing, Int. J. Grid Util. Comput., vol. 4, no. 2/3, pp. 160–168, 2013.
DOI Google Scholar
[11]
Bradshaw R. W., Holt J. E., and Seamons K. E., Concealing complex policies with hidden credentials, in Proceedings of the 11th ACM Conference on Computer and Communications Security, New York, NY, USA, 2004, pp. 146–157.
[12]
Frikken K., Atallah M., and Li J., Attribute-based access control with hidden policies and hidden credentials, IEEE Trans. Comput., vol. 55, no. 10, pp. 1259–1270, 2006.
DOI Google Scholar
[13]
Harbach M., Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisions, in Proc. of the 10th Annual International Conference on Privacy, Security and Trust, Paris, France, 2012, pp. 17–24.
[14]
Zhang R., Liu L., and Rui X., Role-based and time-bound access and management of EHR data, Security and Communication Networks, vol. 7, no. 6, pp. 994–1015, 2014.
DOI Google Scholar
[15]
Takabi H., Privacy aware access control for data sharing in cloud computing environments, in Proceedings of the 2nd International Workshop on Security in Cloud Computing, New York, NY, USA, 2014, pp. 27–34.
[16]
Rivest R. L., Shamir A., and Adleman L., A method for obtaining digital signatures and public-key cryptosystems, Commun. ACM, vol. 21, no. 2, pp. 120–126, 1978.
DOI Google Scholar
[17]
Ray I., Ray I., and Narasimhamurthi N., A cryptographic solution to implement access control in a hierarchy and more, in Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies, ACM, New York, NY, USA, 2002, pp. 65–73.
DOI
[18]
You I. and Yim K., Malware obfuscation techniques: A brief survey, in Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and Applications, IEEE Computer Society, Washington DC, USA, 2010, pp. 297–300.
[19]
Wikibooks, https://en.wikibooks.org/wiki/OpenSSH/Cook book/Authentication_Keys, 2015.
[20]
Gonzalez-Manzano L., Gonzalez-Tablas A. I., Fuentes J. M. de, and Ribagorda A., Extended U+F social network protocol: Interoperability, reusability, data protection and indirect relationships in web based social networks, The Journal of Systems and Software, vol. 94, pp. 50–71, 2014.
DOI Google Scholar
[21]
Nabeel M. and Bertino E., Privacy preserving delegated access control in public clouds, IEEE Trans. Knowl. Data Eng., vol. 26, no. 9, pp. 2268–2280, 2014.
DOI Google Scholar
[22]
Holt J. E., Bradshaw R. W., Seamons K. E., and Orman H., Hidden credentials, in Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society, ACM, New York, NY, USA, 2003, pp. 1–8.
DOI
[23]
Boneh D. and Franklin M. K., Identity-based encryption from the weil pairing, in Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, Springer-Verlag, London, UK, 2001, pp. 213–229.
DOI
[24]
Li J. and Li N., Policy-hiding access control in open environment, in Proceedings of the Twenty-Fourth Annual ACM Symposium on Principles of Distributed Computing, ACM, New York, NY, USA, 2005, pp. 29–38.
DOI
[25]
Baden R., Bender A., Spring N., Bhattacharjee B., and Starin D., Persona: An online social network with user-defined privacy, in Proceedings of the ACM SIGCOMM 2009 Conference on Data Communication, ACM, New York, NY, USA, 2009, pp. 135–146.
DOI
[26]
She W., Yen I., Thuraisingham B., and Bertino E., Effective and efficient implementation of an information flow control protocol for service composition, in IEEE International Conference on Service-Oriented Computing and Applications, 2009, pp. 1–8.
DOI
[27]
Winsborough W. H., Seamons K. E., and Jones V. E., Negotiating disclosure of sensitive credentials, in Proc. of Second Conference on Security in Communication Networks, 1999, pp. 1–8.
[28]
Gonzalez-Manzano L., Gonzalez-Tablas A. I., Fuentes J. M. de, and Ribagorda A., CooPeD: Co-owned personal data management, Computers & Security, vol. 47, pp. 41–65, 2014.
DOI Google Scholar
Publication history
Copyright
Rights and permissions

Publication history

Received: 01 September 2015
Accepted: 13 October 2015
Published: 04 February 2016
Issue date: February 2016

Copyright

© The author(s) 2016

Rights and permissions

Return