Oblivious Access Control Policies for Cloud Based Data Sharing Systems

Zeeshan Pervez, Asad Masood Khattak, Sungyoung Lee, Young-Koo Lee, Eui-Nam Huh

Research output: Contribution to journal (Article)

4 Citations (Scopus)

Abstract

Conventional procedures that ensure authorized data access through access control policies are not suitable for cloud storage systems, because these procedures can reveal valid access parameters to a cloud service provider. In this paper, we propose oblivious access control policy evaluation (O-ACE), a data sharing system that obliviously evaluates an access control policy on a cloud server and provisions access to the outsourced data. O-ACE reveals no useful information about the access control policy either to the cloud service provider or to unauthorized users. The security analysis of O-ACE shows that the computational complexity of compromising the privacy of the outsourced data is the same as that of reverting asymmetric encryption without a valid key pair. We have realized O-ACE for Google Cloud. Our evaluation results show that the CPU utilization cost of O-ACE is 0.01–0.30 dollars per 1,000 requests.
Original language: English
Pages (from-to): 915-938
Number of pages: 24
Journal: Computing
Volume: 94
Issue number: 12
DOI: 10.1007/s00607-012-0206-z
Publication status: Published - Dec 2012
Externally published: Yes


Keywords

  • Cloud storage
  • Data privacy
  • Access control policy
  • Data sharing

Cite this

Pervez, Zeeshan; Khattak, Asad Masood; Lee, Sungyoung; Lee, Young-Koo; Huh, Eui-Nam. Oblivious Access Control Policies for Cloud Based Data Sharing Systems. In: Computing. 2012; Vol. 94, No. 12. pp. 915-938.
@article{a0e4292e2b534470afbf616785f33d5d,
title = "Oblivious Access Control Policies for Cloud Based Data Sharing Systems",
keywords = "Cloud storage, Data privacy, Access control policy, Data sharing",
author = "Zeeshan Pervez and Khattak, {Asad Masood} and Sungyoung Lee and Young-Koo Lee and Eui-Nam Huh",
year = "2012",
month = "12",
doi = "10.1007/s00607-012-0206-z",
language = "English",
volume = "94",
pages = "915--938",
journal = "Computing",
issn = "0010-485X",
publisher = "Springer Nature",
number = "12",

}
