36 Scopus citations

Abstract

This paper addresses how to construct an RBAC-compatible secure cloud storage service with a user-friendly and easy-to-manage attribute-based access control (ABAC) mechanism. Similar to role hierarchies in RBAC, attribute hierarchies (considered as partial ordering relations) are introduced into attribute-based encryption (ABE) in order to define a seniority relation among all values of an attribute, whereby a user holding senior attribute values acquires permissions of his/her juniors. Based on these notations, we present a new ABE scheme called attribute-based encryption with attribute hierarchies (ABE-AH) to provide an efficient approach to implement comparison operations between attribute values on a poset derived from an attribute lattice. By using bilinear groups of a composite order, we present a practical construction of ABE-AH based on forward and backward derivation functions. Compared with prior solutions, our scheme offers a compact policy representation approach that can significantly reduce the size of private-keys and ciphertexts. To demonstrate how to use the presented solution, we illustrate how to provide richer expressive access policies to facilitate flexible access control for data access services in clouds.

Original languageEnglish (US)
Article number6926824
Pages (from-to)601-616
Number of pages16
JournalIEEE Transactions on Services Computing
Volume8
Issue number4
DOIs
StatePublished - Jul 1 2015

Keywords

  • Security
  • attribute-based encryption
  • data migration
  • role-based access control
  • secure cloud storage

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications
  • Information Systems and Management

Fingerprint Dive into the research topics of 'From RBAC to ABAC: Constructing Flexible Data Access Control for Cloud Storage Services'. Together they form a unique fingerprint.

  • Cite this