Abstract
To facilitate the adoption of cloud by organizations, Cryptographic Access Control (CAC) is the obvious solution to control data sharing among users while preventing partially trusted Cloud Service Providers (CSP) from accessing sensitive data. Indeed, several CAC schemes have been proposed in the literature. Despite their differences, available solutions are based on a common set of entities—e.g., a data storage service or a proxy mediating the access of users to encrypted data—that operate in different (security) domains—e.g., on-premise or the CSP. However, the majority of these CAC schemes assume a fixed assignment of entities to domains; this has security and usability implications that are not made explicit and can make a CAC scheme inappropriate for scenarios with specific trust assumptions and requirements. For instance, assuming that the proxy runs at the premises of the organization avoids the vendor lock-in effect but may give rise to other security concerns (e.g., malicious insider attacks).
To the best of our knowledge, no previous work considers how to select the best possible architecture (i.e., the assignment of entities to domains) to deploy a CAC scheme for the trust assumptions and requirements of a given scenario. In this article, we propose a methodology to assist administrators in exploring different architectures for the enforcement of CAC schemes in a given scenario. We do this by identifying the possible architectures underlying the CAC schemes available in the literature and formalizing them in simple set theory. This allows us to reduce the problem of selecting the most suitable architectures satisfying a heterogeneous set of trust assumptions and requirements arising from the considered scenario to a decidable Multi-objective Combinatorial Optimization Problem (MOCOP) for which state-of-the-art solvers can be invoked. Finally, we show how we use the capability of solving the MOCOP to build a prototype tool that assists administrators in first performing a “What-if” analysis to explore the trade-offs among the various architectures and then using available standards and tools (such as TOSCA and Cloudify) for automated deployment in multiple CSPs.
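The abstract describes architectures as assignments of entities (e.g., proxy, data storage service) to domains (e.g., on-premise, CSP) and the selection problem as a multi-objective optimization over trust assumptions and requirements. The following example, added here and not part of the article or its prototype tool, enumerates those assignments, applies hard constraints, and keeps the Pareto-optimal (non-dominated) ones; the two objectives and their per-placement scores are constructed for illustration.

```python
from itertools import product

# Constructed model of the abstract's setting: the entities of a CAC scheme
# are assigned to security domains; each assignment is one architecture.
ENTITIES = ("proxy", "storage")
DOMAINS = ("on-premise", "CSP")

# Constructed, illustrative per-placement scores (lower is better) for two
# objectives from the abstract: exposure to malicious insiders and vendor
# lock-in. Real values would come from the scenario's trust assumptions.
OBJECTIVES = ("insider_exposure", "vendor_lock_in")
SCORE = {
    ("proxy", "on-premise"): (2, 0),
    ("proxy", "CSP"): (0, 1),
    ("storage", "on-premise"): (1, 0),
    ("storage", "CSP"): (0, 2),
}


def architectures():
    """Enumerate every assignment of entities to domains."""
    return [dict(zip(ENTITIES, combo))
            for combo in product(DOMAINS, repeat=len(ENTITIES))]


def cost(arch):
    """Objective vector of an architecture: per-objective sum of its placements."""
    return tuple(sum(SCORE[(e, d)][i] for e, d in arch.items())
                 for i in range(len(OBJECTIVES)))


def dominates(a, b):
    """a dominates b if it is no worse in every objective and better in one."""
    return all(x <= y for x, y in zip(a, b)) and any(x < y for x, y in zip(a, b))


def pareto_front(constraints=()):
    """Feasible architectures (all hard constraints hold) not dominated by another."""
    feasible = [a for a in architectures() if all(c(a) for c in constraints)]
    return [a for a in feasible
            if not any(dominates(cost(o), cost(a)) for o in feasible if o is not a)]


def placement(arch):
    """Domain of each entity, in ENTITIES order, for compact display."""
    return tuple(arch[e] for e in ENTITIES)


if __name__ == "__main__":
    for arch in pareto_front():
        print("unconstrained:", placement(arch), cost(arch))
    # Hard requirement of a scenario: data must be stored at the CSP.
    for arch in pareto_front([lambda a: a["storage"] == "CSP"]):
        print("storage at CSP:", placement(arch), cost(arch))
```

Without constraints, the proxy-on-premise/storage-at-CSP architecture is dominated and dropped from the front; once the scenario requires storage at the CSP, it becomes one of the two remaining trade-offs.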
Formal Modelling and Automated Trade-off Analysis of Enforcement Architectures for Cryptographic Access Control in the Cloud