Permission Management System: Permission as a Service in Cloud Computing

Abstract

One of the challenging problems cloud computing is facing today is the security of data in the cloud. Since the physical location of user data in the cloud is unknown and the data are often distributed across multiple cloud services, a user controllable and privacy preserving access control mechanism is necessary for the success of cloud computing in general and for the protection of user data in specific. In this paper, we discuss a novel approach to controlling access to user data in the cloud; the concept is called Permission as a Service (PaaS). Specifically, PaaS separates access control from other services to provide a separate service in the cloud. This allows users to set permissions for all data in a single location. In PaaS, user data are encrypted to maintain confidentiality and permissions are managed via decryption keys. As a proof-of-concept, we discuss the design and implementation of our prototype leveraging attribute based encryption (ABE).