Integrating Trust with Cryptographic Role-Based Access Control for Secure Cloud Data Storage

Lan Zhou, V. Varadharajan, M. Hitchens
Published in: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Publication date: 2013-07-16
DOI: 10.1109/TrustCom.2013.69 (https://doi.org/10.1109/TrustCom.2013.69)
Citations: 30

Abstract

There has been a recent trend in storing data in the cloud due to the increasing amount of users' data and associated benefits such as on-demand access and scalability. Role-based access control (RBAC) provides a flexible way for data owners to manage and share their data in the cloud. To enforce the access control policies in the cloud, cryptographic RBAC schemes have been developed, which combine cryptographic techniques and access control to protect the privacy of the data in an outsourced environment. Using these cryptographic schemes, the owner of data can encrypt the data in such a way that only the users with appropriate roles as specified by a role-based access control policy can decrypt and view the data. However, these cryptographic approaches do not address the issues of trust when enforcing the access policies. The issue of trust is critical in cloud storage systems; the stored data in the cloud is secure under the assumptions that roles are properly administered by trusted authorities, roles manage the user membership in a trusted manner and qualified users also behave in a trusted manner. In this paper, we propose a trust model to reason about and improve the security for stored data in cloud storage systems that use cryptographic RBAC schemes. The trust model provides an approach for the owners to determine the trustworthiness of individual roles in the RBAC system. The data owners can use the trust models to decide whether to store their encrypted data in the cloud for a particular role. The proposed trust model takes into account role inheritance and hierarchy in the evaluation of trustworthiness of roles. In addition, we present a design of a trust-based cloud storage system which shows how the trust model can be integrated into a system that uses cryptographic RBAC schemes. We have also described the relevance of the proposed trust model by considering practical application scenarios and illustrated how the trust evaluations can be used to reduce the risks and enhance the quality of decision making by data owners of cloud storage services.