nach oben

Computing

Erschienen in:

01.12.2012

Oblivious access control policies for cloud based data sharing systems

verfasst von: Zeeshan Pervez, Asad Masood Khattak, Sungyoung Lee, Young-Koo Lee, Eui-Nam Huh

Erschienen in: Computing | Ausgabe 12/2012

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Conventional procedures to ensure authorized data access by using access control policies are not suitable for cloud storage systems as these procedures can reveal valid access parameters to a cloud service provider. In this paper, we have proposed oblivious access control policy evaluation (O-ACE); a data sharing system, which obliviously evaluates access control policy on a cloud server and provisions access to the outsourced data. O-ACE reveals no useful information about the access control policy neither to the cloud service provider nor to the unauthorized users. Through the security analysis of O-ACE it has been observed that computational complexity to compromise privacy of the outsourced data is same as reverting asymmetric encryption without valid key pair. We have realized O-ACE for Google Cloud. Our evaluation results show the fact that O-ACE CPU utilization cost is 0.01–0.30 dollar per 1,000 requests.

Nächster Artikel Optimization of decentralized multi-way join queries over pipelined filtering services

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

We shall refer access control policy evaluation as policy evaluation.

Authority can issue a root level certificate to an organization, which uses it to sign X.509 v3 certificate (attribute certificate) of its employees [23].

In Sect. 9 we discuss how to prevent adversary from gaining knowledge about the user attributes and then exploiting them to access the outsourced data.

Amazon cloud drive—anything digital, securely stored, available anywhere. https://www.amazon.com/clouddrive/

Dropbox—simplify your life. https://www.dropbox.com/

Google app engine—run your web applications on google’s infrastructure. http://code.google.com/appengine/

Google docs—create and share uour work online. http://www.google.com/google-d-s/b1.html

The legion of the bouncy castle. http://www.bouncycastle.org/

Microsoft office live—access, edit, and share documents from anywhere. http://www.officelive.com

Windows live skydrive—online document storage and file sharing. http://www.windowslive.co.uk/skydrive

Zoho—suite of online web applications. https://www.zoho.com/

Armbrust M, Fox A, Griffith R, Joseph AD, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I, Zaharia M (2010) A view of cloud computing. Commun ACM 53:50–58. doi:10.1145/1721654.1721672

10.

Brunette G, Mogull R, et al (2009) Security guidance for critical areas of focus in cloud computing. http://www.cloudsecurityalliance.org/csaguide.pdf

11.

Buyya R, Yeo CS, Venugopal S (2008) Market-oriented cloud computing: Vision, hype, and reality for delivering it services as computing utilities. In: Department of Computer Science and Software Engineering (CSSE), The University of Melbourne, Australia, pp 10–1016

12.

Buyya R, Yeo CS, Venugopal S, Broberg J, Brandic I (2009) Cloud computing and emerging it platforms: vision, hype, and reality for delivering computing as the 5th utility. Elsevier Science Publishers B. V., Amsterdam, pp 599–616. doi:10.1016/j.future.2008.12.001

13.

Cantor S, Kemp J, Philpott R, Maler E (2005) Assertions and protocols for the oasis security assertion markup language (saml) v2.0. http://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf

14.

Coull SE, Green M, Hohenberger S (2011) Access controls for oblivious and anonymous systems. ACM Trans Inf Syst Secur 14:10:1–10:28. doi:10.1145/1952982.1952992

15.

Ellison C, Frantz B, Lampson B, Rivest R, Thomas B, Ylonen T (1999) Spki certificate theory

16.

Freedman M, Nissim K, Pinkas B (2004) Efficient private matching and set intersection. Springer, New York, pp 1–19

17.

Frikken K, Atallah M, Li J (2006) Attribute-based access control with hidden policies and hidden credentials. IEEE Trans Comput 55(10):1259–1270CrossRef

18.

Geron E, Wool A (2007) Crust: cryptographic remote untrusted storage without public keys. In: Fourth international IEEE security in storage workshop, 2007. SISW ’07, pp 3–14. doi:10.1109/SISW.2007.9

19.

Goh EJ, Shacham H, Modadugu N, Boneh D (2003) Sirius: securing remote untrusted storage. In: Proceedings of network and distributed systems security (NDSS) symposium 2003, pp 131–145. doi:10.1.1.104.6458

20.

Goldreich O, Israel R, Dana T (1995) Foundations of cryptography

21.

Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on computer and communications security, CCS ’06, ACM, New York, pp 89–98. doi:10.1145/1180405.1180418

22.

Holt JE, Bradshaw RW, Seamons KE, Orman H (2003) Hidden credentials. In: Proceedings of the 2003 ACM workshop on privacy in the electronic society, WPES ’03. ACM, New York, pp 1–8. doi:10.1145/1005140.1005142

23.

Housley R, Polk W, Ford W, Solo D (2002) Internet x.509 public key infrastructure. http://www.ietf.org/rfc/rfc3280.txt

24.

Kallahalla M, Riedel E, Swaminathan R, Wang Q, Fu K (2003) Plutus: scalable secure file sharing on untrusted storage. In: Proceedings of the 2nd USENIX conference on file and storage technologies. USENIX Association, Berkeley, pp 29–42. http://dl.acm.org/citation.cfm?id=1090694.1090698

25.

Kamara S, Lauter K (2010) Cryptographic cloud storage. In: Proceedings of the 14th international conference on financial cryptograpy and data security, FC’10. Springer, Berlin, pp 136–149. http://dl.acm.org/citation.cfm?id=1894863.1894876

26.

Kamara S, Papamanthou C, Roeder T (2011) Cs2: a searchable cryptographic cloud storage system. TechReport MSR-TR-2011-58, Microsoft Research

27.

Kaufman LM (2009) Data security in the world of cloud computing. IEEE Secur Privacy 7:61–64. doi:10.1109/MSP.2009.87

28.

Kaufman LM (2009) Data security in the world of cloud computing. IEEE Secur Privacy 7:61–64. doi:10.1109/MSP.2009.87

29.

Li J, Li N (2006) Oacerts: oblivious attribute certificates. IEEE Trans Dependable Secur Comput 3:340–352. doi:10.1109/TDSC.2006.54

30.

Li N, Mitchell JC, Winsborough WH (2002) Design of a role-based trust-management framework. In: Proceedings of the 2002 IEEE symposium on security and privacy. IEEE Computer Society, Washington, p 114. http://dl.acm.org/citation.cfm?id=829514.830539

31.

Paillier P (1999) Public key cryptosystems based on composite degree residuosity classes. In: Proceedings of the 17th international conference on theory and application of cryptographic techniques, EUROCRYPT’99. Springer, Berlin, pp 223–238. http://dl.acm.org/citation.cfm?id=1756123.1756146

32.

Paillier P (2000) Trapdooring discrete logarithms on elliptic curves over rings. In: Proceedings of the 6th international conference on the theory and application of cryptology and information security: advances in cryptology, ASIACRYPT’00. Springer, London, pp 573–584. http://dl.acm.org/citation.cfm?id=647096.716885

33.

Pearson S (2009) Taking account of privacy when designing cloud computing services. In: Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, CLOUD ’09. IEEE Computer Society, Washington, DC, pp 44–52. doi:10.1109/CLOUD.2009.5071532

34.

Ristenpart T, Tromer E, Shacham H, Savage S (2009) Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM conference on computer and communications security, CCS ’09. ACM, New York, pp 199–212. doi:10.1145/1653662.1653687

35.

Vimercati SDCd, Foresti S, Jajodia S, Paraboschi S, Samarati P (2007) Over-encryption: management of access control evolution on outsourced data. In: VLDB, pp 123–134 (2007)

36.

Samarati P, Vimercati SDCd (2001) Access control: policies, models, and mechanisms. In: Revised versions of lectures given during the IFIP WG 1.7. International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures, FOSAD’00. Springer, London, pp 137–196 (2001). http://dl.acm.org/citation.cfm?id=646206.683112

37.

Singh A, Liu L (2008) Sharoes: a data sharing platform for outsourced enterprise storage environments. In: IEEE 24th international conference on data engineering, 2008, ICDE 2008, pp 993–1002. doi:10.1109/ICDE.2008.4497508

38.

Sun J, Zhu X, Fang Y (2010) A privacy-preserving scheme for online social networks with efficient revocation. In: 2010 Proceedings IEEE, INFOCOM, pp 1–9 (2010). doi:10.1109/INFCOM.2010.5462080

39.

Tang Y, Lee PPC, Lui JCS, Perlman R (2010) Fade: secure overlay cloud storage with file assured deletion. In: SecureComm, pp 380–397

40.

Wang W, Li Z, Owens R, Bhargava B (2009) Secure and efficient access to outsourced data. In: Proceedings of the 2009 ACM workshop on cloud computing security, CCSW’09. ACM, New York, pp 55–66. doi:10.1145/1655008.1655016

41.

Yao J, Chen S, Nepal S, Levy D, Zic J (2010) Truststore: making amazon s3 trustworthy with services composition. In: 2010 10th IEEE/ACM international conference on cluster, cloud and grid computing (CCGrid), pp 600–605 (2010). doi:10.1109/CCGRID.2010.17

Titel: Oblivious access control policies for cloud based data sharing systems
verfasst von: Zeeshan Pervez
Asad Masood Khattak
Sungyoung Lee
Young-Koo Lee
Eui-Nam Huh
Publikationsdatum: 01.12.2012
Verlag: Springer Vienna
Erschienen in: Computing / Ausgabe 12/2012
Print ISSN: 0010-485X
Elektronische ISSN: 1436-5057
DOI: https://doi.org/10.1007/s00607-012-0206-z

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"