
Formal Modelling and Automated Trade-off Analysis of Enforcement Architectures for Cryptographic Access Control in the Cloud

Published: 23 November 2021

Abstract

To facilitate the adoption of cloud by organizations, Cryptographic Access Control (CAC) is the obvious solution to control data sharing among users while preventing partially trusted Cloud Service Providers (CSP) from accessing sensitive data. Indeed, several CAC schemes have been proposed in the literature. Despite their differences, available solutions are based on a common set of entities—e.g., a data storage service or a proxy mediating the access of users to encrypted data—that operate in different (security) domains—e.g., on-premise or at the CSP. However, the majority of these CAC schemes assume a fixed assignment of entities to domains; this has security and usability implications that are not made explicit and can make the use of a CAC scheme inappropriate in certain scenarios with specific trust assumptions and requirements. For instance, assuming that the proxy runs at the premises of the organization avoids the vendor lock-in effect but may give rise to other security concerns (e.g., malicious insider attackers).

To the best of our knowledge, no previous work considers how to select the best possible architecture (i.e., the assignment of entities to domains) to deploy a CAC scheme given the trust assumptions and requirements of a scenario. In this article, we propose a methodology to assist administrators in exploring different architectures for the enforcement of CAC schemes in a given scenario. We do this by identifying the possible architectures underlying the CAC schemes available in the literature and formalizing them in simple set theory. This allows us to reduce the problem of selecting the most suitable architectures satisfying a heterogeneous set of trust assumptions and requirements arising from the considered scenario to a decidable Multi-objective Combinatorial Optimization Problem (MOCOP) for which state-of-the-art solvers can be invoked. Finally, we show how we use the capability of solving the MOCOP to build a prototype tool that assists administrators in performing a preliminary “What-if” analysis to explore the trade-offs among the various architectures and then use available standards and tools (such as TOSCA and Cloudify) for automated deployment across multiple CSPs.
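The abstract describes the core reduction: an architecture is an assignment of entities to domains, trust assumptions and requirements become hard constraints, and the remaining candidates are compared on several objectives. The following is an added illustration of that reduction, not the paper's own model or tool: the entity `key_manager` is hypothetical, and the per-(entity, domain) risk, lock-in and cost scores, as well as the honest-but-curious constraint on the proxy, are constructed for the example.

```python
"""Constructed example: Pareto-optimal assignments of CAC entities to
security domains. Not the paper's own model; all scores are made up."""
from itertools import product
from typing import Callable, Dict, List, Tuple

Architecture = Dict[str, str]          # entity -> domain

ENTITIES = ["proxy", "data_storage", "key_manager"]   # key_manager is hypothetical
DOMAINS = ["on_premise", "csp"]

# Constructed per-(entity, domain) scores; every objective is minimised.
# RISK: the proxy decrypts data, so placing it at the CSP is worst, while
# keeping it on-premise still exposes it to malicious insiders.
RISK = {"proxy":        {"on_premise": 3, "csp": 9},
        "data_storage": {"on_premise": 2, "csp": 1},
        "key_manager":  {"on_premise": 2, "csp": 4}}
# LOCK_IN: migration effort tied to each entity hosted at the CSP.
LOCK_IN = {"proxy":        {"on_premise": 0, "csp": 1},
           "data_storage": {"on_premise": 0, "csp": 3},
           "key_manager":  {"on_premise": 0, "csp": 2}}
# COST: operational cost of hosting each entity in each domain.
COST = {"proxy":        {"on_premise": 2, "csp": 1},
        "data_storage": {"on_premise": 4, "csp": 1},
        "key_manager":  {"on_premise": 2, "csp": 3}}
OBJECTIVES = (RISK, LOCK_IN, COST)


def honest_but_curious_csp(arch: Architecture) -> bool:
    """Trust assumption (constructed): the CSP must never see plaintext;
    since the proxy decrypts for users, it cannot run at the CSP."""
    return arch["proxy"] != "csp"


def enumerate_architectures(entities: List[str], domains: List[str]) -> List[Architecture]:
    """Every total assignment of entities to domains (|domains|^|entities| of them)."""
    return [dict(zip(entities, combo)) for combo in product(domains, repeat=len(entities))]


def score(arch: Architecture) -> Tuple[int, ...]:
    """One summed value per objective, in the order of OBJECTIVES."""
    return tuple(sum(table[e][d] for e, d in arch.items()) for table in OBJECTIVES)


def dominates(a: Tuple[int, ...], b: Tuple[int, ...]) -> bool:
    """a dominates b when it is no worse on every objective and better on at least one."""
    return all(x <= y for x, y in zip(a, b)) and any(x < y for x, y in zip(a, b))


def pareto_front(constraints: List[Callable[[Architecture], bool]]):
    """Drop assignments violating any constraint, then keep the non-dominated ones."""
    feasible = [a for a in enumerate_architectures(ENTITIES, DOMAINS) if all(c(a) for c in constraints)]
    scored = [(a, score(a)) for a in feasible]
    return [(a, s) for a, s in scored if not any(dominates(t, s) for _, t in scored)]


if __name__ == "__main__":
    # "What-if": compare the front with and without the trust assumption.
    for label, cs in (("honest-but-curious CSP", [honest_but_curious_csp]), ("fully trusted CSP", [])):
        print(label, [(a, s) for a, s in pareto_front(cs)])
```

With the honest-but-curious constraint, four of the eight assignments are feasible and only two survive dominance: everything on-premise (zero lock-in, higher risk and cost) versus only the encrypted storage outsourced; relaxing the constraint widens the front to four, which is the kind of trade-off the "What-if" analysis is meant to surface.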


Published in

ACM Transactions on Privacy and Security, Volume 25, Issue 1
February 2022, 219 pages
ISSN: 2471-2566
EISSN: 2471-2574
DOI: 10.1145/3485162


Publisher: Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 23 November 2021
• Accepted: 1 July 2021
• Revised: 1 May 2021
• Received: 1 November 2020
