Cryptographic role-based access control for secure data storage in cloud systems
thesisposted on 2022-03-28, 20:36 authored by Lan Zhou
With the rapid increase in the amount of digital information that needs to be stored, there has been a growing trend in recent times to store data in the cloud because ofthe benefits it provides such as on-demand access and scalability. Cloud data storage raises the important security issue of how to control and prevent unauthorised access to data stored in the cloud. Access control is required to specify who can create the access policies as well as to determine the access mechanisms needed to control access to the stored data. One well-known access control model is the role-based access control (RBAC) model, which provides flexible controls and security management by having two mappings, users to roles and roles to privileges on data objects. We propose role-based encryption (RBE) schemes, which integrate cryptographic techniques with RBAC models, to enforce RBAC policies for data stored in the cloud. Using RBE schemes, the owners of data can encrypt it in such a way that only users with appropriate roles as specified by the access policy can decrypt and view the content of the data. We then describe the design of a secure RBE-based hybrid cloud storage architecture as well as a practical implementation of the proposed RBE-based architecture and its performance results. In large-scale RBAC systems, decentralising the administration tasks is an important issue as it is usually impractical to centralise the task of managing these users and permissions, and their relationships with roles. We propose a cryptographic administrative model AdC-RBAC to manage and enforce role-based access policies for the RBE schemes in large-scale cloud systems. The AdC-RBAC model uses cryptographic techniques to ensure that administrative tasks such as user, permission, and role management are performed only by authorised administrative roles. We have also demonstrated the suitability of the proposed RBE schemes and the developed architecture in two practical applications, one involving secure data storage in the cloud for a banking organisation and the other concerned with secure storage of patient-centric health records in the cloud. The issue of trust is critical in cloud storage systems and it is necessary to address explicitly trust issues in the enforcement of access policies in cloud data storage as often implicit assumptions are made that the various system entities behave properly. We have developed trust models that can help to reason about the behaviour of users, data owners and role managers, taking into account role hierarchy and permission inheritance. We then describe the design of trust-enhanced secure cloud data storage systems integrating trust models and RBE schemes, which reduce risk and improve the quality of cloud storage services.
Table of Contents1. Introduction -- 2. Background -- 3. Generic role-based encryption frameworks -- 4. A concrete role-based encryption construction -- 5. A secure cloud storage system based on role-based encryption -- 6. Administrative model for role-based encryption -- 7. Applications of role-based encryption -- 8. Owner's trust model for role-based encryption -- 9. User's trust model for role-based encryption -- 10. Conclusions and future work.
NotesA thesis submitted to Macquarie University for the degree of Doctor of Philosophy, Department of Computing" "July 2014" Bibliography: pages 243-260 "Typeset in LaTeX2e
Awarding InstitutionMacquarie University
Degree TypeThesis PhD
DegreePhD, Macquarie University, Faculty of Science and Engineering, Department of Computing
Department, Centre or SchoolDepartment of Computing
Year of Award2014
Principal SupervisorVijay Varadharajan
Additional Supervisor 1Michael Hitchens
RightsCopyright Lan Zhou 2014. Copyright disclaimer: http://mq.edu.au/library/copyright
Extent1 online resource (xx, 260 pages) illustrations
Former Identifiersmq:54437 http://hdl.handle.net/1959.14/1142415
role-based access controlCloud computingComputer networksAccess controlAdC-RBACRBACRBEComputer securityInformation technology -- ManagementComputer networks -- Security measuresCloud computing -- Security measuresComputer security -- Access contro.Computer networks -- Access controlData protectionrole-based encryptiontrust modelcloud storageInformation technology