Oblivious Access Control Policies for Cloud Based Data Sharing Systems

Zeeshan Pervez; Asad Masood Khattak; Sungyoung  Lee; Young-Koo Lee; Eui-Nam  Huh

doi:10.1007/s00607-012-0206-z

Oblivious Access Control Policies for Cloud Based Data Sharing Systems

Zeeshan Pervez, Asad Masood Khattak, Sungyoung Lee, Young-Koo Lee, Eui-Nam Huh

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

Abstract

Conventional procedures to ensure authorized data access by using access control policies are not suitable for cloud storage systems as these procedures can reveal valid access parameters to a cloud service provider. In this paper, we have proposed oblivious access control policy evaluation (O-ACE); a data sharing system, which obliviously evaluates access control policy on a cloud server and provisions access to the outsourced data. O-ACE reveals no useful information about the access control policy neither to the cloud service provider nor to the unauthorized users. Through the security analysis of O-ACE it has been observed that computational complexity to compromise privacy of the outsourced data is same as reverting asymmetric encryption without valid key pair. We have realized O-ACE for Google Cloud. Our evaluation results show the fact that O-ACE CPU utilization cost is 0.01–0.30 dollar per 1,000 requests.

Original language	English
Pages (from-to)	915-938
Number of pages	24
Journal	Computing
Volume	94
Issue number	12
DOIs	https://doi.org/10.1007/s00607-012-0206-z
Publication status	Published - Dec 2012
Externally published	Yes

Keywords

Cloud storage
Data privacy
Access control policy
Data sharing

Access to Document

10.1007/s00607-012-0206-z

Cite this

@article{a0e4292e2b534470afbf616785f33d5d,

title = "Oblivious Access Control Policies for Cloud Based Data Sharing Systems",

abstract = "Conventional procedures to ensure authorized data access by using access control policies are not suitable for cloud storage systems as these procedures can reveal valid access parameters to a cloud service provider. In this paper, we have proposed oblivious access control policy evaluation (O-ACE); a data sharing system, which obliviously evaluates access control policy on a cloud server and provisions access to the outsourced data. O-ACE reveals no useful information about the access control policy neither to the cloud service provider nor to the unauthorized users. Through the security analysis of O-ACE it has been observed that computational complexity to compromise privacy of the outsourced data is same as reverting asymmetric encryption without valid key pair. We have realized O-ACE for Google Cloud. Our evaluation results show the fact that O-ACE CPU utilization cost is 0.01–0.30 dollar per 1,000 requests.",

keywords = "Cloud storage, Data privacy, Access control policy, Data sharing",

author = "Zeeshan Pervez and Khattak, {Asad Masood} and Sungyoung Lee and Young-Koo Lee and Eui-Nam Huh",

year = "2012",

month = dec,

doi = "10.1007/s00607-012-0206-z",

language = "English",

volume = "94",

pages = " 915--938",

journal = "Computing ",

issn = "0010-485X",

publisher = "Springer",

number = "12",

}

TY - JOUR

T1 - Oblivious Access Control Policies for Cloud Based Data Sharing Systems

AU - Pervez, Zeeshan

AU - Khattak, Asad Masood

AU - Lee, Sungyoung

AU - Lee, Young-Koo

AU - Huh, Eui-Nam

PY - 2012/12

Y1 - 2012/12

N2 - Conventional procedures to ensure authorized data access by using access control policies are not suitable for cloud storage systems as these procedures can reveal valid access parameters to a cloud service provider. In this paper, we have proposed oblivious access control policy evaluation (O-ACE); a data sharing system, which obliviously evaluates access control policy on a cloud server and provisions access to the outsourced data. O-ACE reveals no useful information about the access control policy neither to the cloud service provider nor to the unauthorized users. Through the security analysis of O-ACE it has been observed that computational complexity to compromise privacy of the outsourced data is same as reverting asymmetric encryption without valid key pair. We have realized O-ACE for Google Cloud. Our evaluation results show the fact that O-ACE CPU utilization cost is 0.01–0.30 dollar per 1,000 requests.

AB - Conventional procedures to ensure authorized data access by using access control policies are not suitable for cloud storage systems as these procedures can reveal valid access parameters to a cloud service provider. In this paper, we have proposed oblivious access control policy evaluation (O-ACE); a data sharing system, which obliviously evaluates access control policy on a cloud server and provisions access to the outsourced data. O-ACE reveals no useful information about the access control policy neither to the cloud service provider nor to the unauthorized users. Through the security analysis of O-ACE it has been observed that computational complexity to compromise privacy of the outsourced data is same as reverting asymmetric encryption without valid key pair. We have realized O-ACE for Google Cloud. Our evaluation results show the fact that O-ACE CPU utilization cost is 0.01–0.30 dollar per 1,000 requests.

KW - Cloud storage

KW - Data privacy

KW - Access control policy

KW - Data sharing

U2 - 10.1007/s00607-012-0206-z

DO - 10.1007/s00607-012-0206-z

M3 - Article

SN - 0010-485X

VL - 94

SP - 915

EP - 938

JO - Computing

JF - Computing

IS - 12

ER -

Oblivious Access Control Policies for Cloud Based Data Sharing Systems

Abstract

Keywords

Access to Document

Fingerprint

Cite this