End-to-End Policy-Based Encryption and Management of Data in the Cloud

Abstract

This paper introduces and discusses a data management solution to provide accountability within the cloud as well as addressing privacy issues. The central idea is as follows: Customers allow cloud (service) providers to have access to specific data based on agreed policies and by forcing interactions with interchangeable independent third parties called Trust Authorities. The access to data can be as fine-grained as necessary, based on policy definitions, underlying encryption mechanisms (supporting the stickiness of policies to the data) and a related key management approach that allows (sets of) data attribute(s) to be encrypted specifically based on the policy. Access to data is mediated by a Trust Authority that checks for compliance to policies in order to release decryption keys. By these means users can be provided with fine-grained control over access and usage of their data within the cloud, even in public cloud models.