Trust-based Secure Cloud Data Storage with Cryptographic Role-based Access Control

Lan Zhou, Vijay Varadharajan, Michael Hitchens

2013

Abstract

Role-based access control (RBAC) model is a widely used access control model which can simplify security management in large-scale systems. Recently, several cryptographic RBAC schemes have been proposed to integrate cryptographic techniques with RBAC models to secure data storage in an outsourced environment such as a cloud. These schemes allow data to be encrypted in such a way that only the users who are members of an appropriate role can decrypt and view the data. However, the issue of trust in such a data storage system is not addressed in these schemes. In this paper, we propose trust models to improve the security of such a system which uses cryptographic RBAC schemes. The trust models provide an approach for the users and roles to determine the trustworthiness of individual roles and owners in the RBAC system. The users can use the trust models to decide whether to join a particular role for accessing data in the system. The roles can use the trust models in their decision to ensure that only data from data owners with good behaviours are accepted by the roles. The proposed trust models take into account role inheritance and hierarchy in the evaluation of trustworthiness of the roles. In addition, we present a design of a trust-based cloud storage system which shows how the trust models can be integrated into a system that uses cryptographic RBAC schemes.

References

  1. Akl, S. G. and Taylor, P. D. (1983). Cryptographic solution to a problem of access control in a hierarchy. ACM Trans. Comput. Syst., 1(3):239-248.
  2. Chakraborty, S. and Ray, I. (2006). Trustbac - integrating trust relationships into the rbac model for access control in open systems. In Proceedings of the eleventh ACM symposium on Access control models and technologies, pages 49-58.
  3. di Vimercati, S. D. C., Foresti, S., Jajodia, S., Paraboschi, S., and Samarati, P. (2010). Encryption policies for regulating access to outsourced data. ACM Trans. Database Syst., 35(2).
  4. Feng, F., Lin, C., Peng, D., and Li, J. (2008). A trust and context based access control model for distributed systems. In HPCC, pages 629-634. IEEE.
  5. Ferraiolo, D. F. and Kuhn, D. R. (1992). Role-based access controls. In 15th National Computer Security Conference, volume 1-2, pages 554 - 563. National Institute of Standards and Technology, National Computer Security Center.
  6. Jøsang, A. and Ismail, R. (2002). The beta reputation system. In Proceedings of the 15th Bled Conference on Electronic Commerce.
  7. Miklau, G. and Suciu, D. (2003). Controlling access to published data using cryptography. In 29th International Conference on Very Large Data Bases, pages 898-909.
  8. Mui, L., Mohtashemi, M., Ang, C., Szolovits, P., and Halberstadt, A. (2001). Ratings in distributed systems: A bayesian approach. In Workshop on Information Technologies and Systems.
  9. Mui, L., Mohtashemi, M., and Halberstadt, A. (2002). A computational model of trust and reputation for ebusinesses. In HICSS, page 188.
  10. Samarati, P. and di Vimercati, S. D. C. (2010). Data protection in outsourcing scenarios: issues and directions. In ASIACCS, pages 1-14. ACM.
  11. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E. (1996). Role-based access control models. IEEE Computer, 29(2):38-47.
  12. Sandhu, R. S., Ferraiolo, D. F., and Kuhn, D. R. (2000). The nist model for role-based access control: towards a unified standard. In ACM Workshop on Role-Based Access Control, RBAC00, pages 47-63.
  13. Takabi, H., Amini, M., and Jalili, R. (2007). Trust-based user-role assignment in role-based access control. In AICCSA, pages 807-814. IEEE.
  14. Toahchoodee, M., Abdunabi, R., Ray, I., , and Ray, I. (2009). A trust-based access control model for pervasive computing applications. In DBSec, volume 5645 of Lecture Notes in Computer Science, pages 307- 314. Springer.
  15. Zhou, L., Varadharajan, V., and Hitchens, M. (2011). Enforcing role-based access control for secure data storage in the cloud. The Computer Journal, 54(13):1675-1687.
  16. Zhu, Y., Hu, H., Ahn, G.-J., Wang, H., and Wang, S.- B. (2011). Provably secure role-based encryption with revocation mechanism. J. Comput. Sci. Technol., 26(4):697-710.
Download


Paper Citation


in Harvard Style

Zhou L., Varadharajan V. and Hitchens M. (2013). Trust-based Secure Cloud Data Storage with Cryptographic Role-based Access Control . In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 62-73. DOI: 10.5220/0004508600620073


in Bibtex Style

@conference{secrypt13,
author={Lan Zhou and Vijay Varadharajan and Michael Hitchens},
title={Trust-based Secure Cloud Data Storage with Cryptographic Role-based Access Control},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)},
year={2013},
pages={62-73},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004508600620073},
isbn={978-989-8565-73-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)
TI - Trust-based Secure Cloud Data Storage with Cryptographic Role-based Access Control
SN - 978-989-8565-73-0
AU - Zhou L.
AU - Varadharajan V.
AU - Hitchens M.
PY - 2013
SP - 62
EP - 73
DO - 10.5220/0004508600620073