期刊名称:International Journal of Computer Trends and Technology
电子版ISSN:2231-2803
出版年度:2011
卷号:1
期号:2-2
出版社:Seventh Sense Research Group
摘要:Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving finegrainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attributebased encryption (ABE), proxy reencryption, and lazy reencryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Exten sive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.
关键词:Secure Role based Data Access Control in Cloud Computing
