A Secure Fine-Grained Access Control Mechanism for Networked Storage Systems

2012 IEEE Sixth International Conference on Software Security and Reliability Pub Date : 2012-06-20 DOI:10.1109/SERE.2012.35

Hsiao-Ying Lin, J. Kubiatowicz, Wen-Guey Tzeng

{"title":"A Secure Fine-Grained Access Control Mechanism for Networked Storage Systems","authors":"Hsiao-Ying Lin, J. Kubiatowicz, Wen-Guey Tzeng","doi":"10.1109/SERE.2012.35","DOIUrl":null,"url":null,"abstract":"Networked storage systems provide storage services for users over networks. Secure networked storage systems store encrypted data to guarantee data confidentiality. However, using encryption schemes somehow restricts the access control function over stored data. We address the access control function for a secure networked storage system by proposing a fine-grained access control mechanism. In our mechanism, a user cannot only read or write data but also grant the reading permissions of a single file or a whole directory of files to others with low cost. Moreover, these functions are supported in a confidential way against honest-but-curious storage servers. Our technical contribution is to propose a hybrid encryption scheme for a typical structure of a file system by integrating a hierarchical proxy re-encryption scheme and a hierarchical key assignment scheme. We measure the computation overhead for reading, writing, and granting operations by experiments. Our experimental results show that getting a finer access control mechanism does not cost much.","PeriodicalId":191716,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability","volume":"53 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE Sixth International Conference on Software Security and Reliability","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERE.2012.35","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Networked storage systems provide storage services for users over networks. Secure networked storage systems store encrypted data to guarantee data confidentiality. However, using encryption schemes somehow restricts the access control function over stored data. We address the access control function for a secure networked storage system by proposing a fine-grained access control mechanism. In our mechanism, a user cannot only read or write data but also grant the reading permissions of a single file or a whole directory of files to others with low cost. Moreover, these functions are supported in a confidential way against honest-but-curious storage servers. Our technical contribution is to propose a hybrid encryption scheme for a typical structure of a file system by integrating a hierarchical proxy re-encryption scheme and a hierarchical key assignment scheme. We measure the computation overhead for reading, writing, and granting operations by experiments. Our experimental results show that getting a finer access control mechanism does not cost much.

查看原文本刊更多论文

面向网络存储系统的安全细粒度访问控制机制

网络存储系统通过网络为用户提供存储服务。安全的网络存储系统对数据进行加密存储，保证数据的保密性。然而，使用加密方案在某种程度上限制了对存储数据的访问控制功能。我们通过提出一种细粒度的访问控制机制来解决安全网络存储系统的访问控制功能。在我们的机制中，用户不仅可以读写数据，还可以低成本地将单个文件或整个文件目录的读权限授予其他用户。此外，这些函数以保密的方式对诚实但好奇的存储服务器提供支持。我们的技术贡献是通过集成分层代理重加密方案和分层密钥分配方案，为典型的文件系统结构提出了一种混合加密方案。我们通过实验测量读取、写入和授予操作的计算开销。实验结果表明，获得一种更精细的访问控制机制的成本并不高。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2012 IEEE Sixth International Conference on Software Security and Reliability

自引率

0.00%

发文量