TY - GEN
T1 - How to use attribute-based encryption to implement role-based access control in the cloud
AU - Zhu, Yan
AU - Ma, Di
AU - Hu, Chang Jun
AU - Huang, Dijiang
PY - 2013
Y1 - 2013
N2 - This paper addresses how to construct a RBAC-compatible attribute-based encryption (ABE) for secure cloud storage, which provides a user-friendly and easy-to-manage security mechanism without user intervention. Similar to role hierarchy in RBAC, attribute lattice introduced into ABE is used to define a seniority relation among all values of an attribute, whereby a user holding the senior attribute values acquires permissions of their juniors. Based on these notations, we present a new ABE scheme called Attribute-Based Encryption with Attribute Lattice (ABE-AL) that provides an efficient approach to implement comparison operations between attribute values on a poset derived from attribute lattice. By using bilinear groups of composite order, we propose a practical construction of ABE-AL based on forward and backward derivation functions. Compared with prior solutions, our scheme offers a compact policy representation solution, which can significantly reduce the size of private keys and ciphertexts. Furthermore, our solution provides a richer expressive power of access policies to facilitate flexible access control for ABE scheme.
KW - attribute lattice
KW - attribute-based encryption
KW - cloud security
KW - partial order
KW - rbac model
UR - http://www.scopus.com/inward/record.url?scp=84878482792&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84878482792&partnerID=8YFLogxK
U2 - 10.1145/2484402.2484411
DO - 10.1145/2484402.2484411
M3 - Conference contribution
AN - SCOPUS:84878482792
SN - 9781450320672
T3 - Cloud Computing 2013 - Proceedings of the 2013 International Workshop on Security in Cloud Computing
SP - 33
EP - 40
BT - Cloud Computing 2013 - Proceedings of the 2013 International Workshop on Security in Cloud Computing
T2 - 2013 1st International Workshop on Security in Cloud Computing, Cloud Computing 2013
Y2 - 8 May 2013 through 8 May 2013
ER -