Oblivious Access Control Policies for Cloud Based Data Sharing Systems

Zeeshan Pervez, Asad Masood Khattak, Sungyoung Lee, Young-Koo Lee, Eui-Nam Huh

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)


Conventional procedures for ensuring authorized data access through access control policies are not suitable for cloud storage systems, because these procedures can reveal valid access parameters to a cloud service provider. In this paper, we propose oblivious access control policy evaluation (O-ACE), a data sharing system that obliviously evaluates an access control policy on a cloud server and provisions access to the outsourced data. O-ACE reveals no useful information about the access control policy either to the cloud service provider or to unauthorized users. The security analysis of O-ACE shows that the computational complexity of compromising the privacy of the outsourced data is the same as that of reverting asymmetric encryption without a valid key pair. We have realized O-ACE for Google Cloud. Our evaluation results show that the CPU utilization cost of O-ACE is 0.01–0.30 dollar per 1,000 requests.

Original language: English
Pages (from-to): 915-938
Number of pages: 24
Issue number: 12
Publication status: Published - Dec 2012
Externally published: Yes


  • Cloud storage
  • Data privacy
  • Access control policy
  • Data sharing

