Jin Li; Gansen Zhao; Xiaofeng Chen; Dongqing Xie; Chunming Rong; Wenjun Li; Lianzhang Tang; Yong Tang, "Fine-Grained Data Access Control Systems with User Accountability in Cloud Computing," Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference on, pp. 89-96, Nov. 30 2010-Dec. 3 2010
doi: 10.1109/CloudCom.2010.44
Key Points:
- PROBLEM: How to provide data security and access control for sensitive data that is outsourced and shared via the Cloud, and how to prevent illegal key sharing among dishonest authorised users.
- CONTRIBUTION:
  - Defines and enforces per-file access policies based on attributes in the system. A user can access a file only if the user's attributes satisfy the file's access structure. Each file is encrypted with a symmetric key, which is then encapsulated using the CP-ABE scheme. Users who possess the attributes required by the CP-ABE scheme can decrypt the key and, consequently, the data itself.
  - Achieves user accountability in fine-grained data access control systems, implemented with a traitor tracing technique.
  - Deploys Cloud servers to carry out revocation operations.
Strengths/Weakness:
- The complexity of file encryption depends only on the number of access policies associated with the file, not on the number of users.
- Creation and deletion of files and users affect only the file/user in question and don’t involve system-wide updates or rekeying.
- The heavy operations of user revocation are delegated to the Cloud. Even though the burden is off the user, it is still not a clean solution, as the Cloud may have to deal with millions of heavy revocation operations.
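The key-encapsulation step described under CONTRIBUTION above, as an added Python example that is not code from the paper or from these notes: the file key is split down a policy tree with Shamir threshold sharing and can be rebuilt only from leaves whose attributes the user holds. The tree encoding, the function names and the sample policy are assumptions, and the leaf shares sit in the clear behind a set-membership check here, a step that real CP-ABE enforces cryptographically (so this toy is not collusion resistant).

```python
import secrets

P = 2**127 - 1  # prime modulus for the share field (a Mersenne prime)

def attr(name):
    """Leaf node (assumed encoding): satisfied by holding one attribute."""
    return ("attr", name)

def gate(k, *children):
    """k-of-n threshold gate; AND is n-of-n, OR is 1-of-n."""
    return ("gate", k, children)

def encapsulate(secret, node):
    """Split `secret` down the policy tree, Shamir-sharing it at each gate."""
    if node[0] == "attr":
        return ("attr", node[1], secret)
    _, k, children = node
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    poly = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return ("gate", k, [encapsulate(poly(x), ch)
                        for x, ch in enumerate(children, 1)])

def decapsulate(node, held):
    """Return the secret if attribute set `held` satisfies the tree, else None."""
    if node[0] == "attr":
        return node[2] if node[1] in held else None
    _, k, children = node
    pts = [(x, s) for x, ch in enumerate(children, 1)
           if (s := decapsulate(ch, held)) is not None][:k]
    if len(pts) < k:
        return None  # too few satisfied children: access structure not met
    secret = 0
    for xi, yi in pts:  # Lagrange interpolation at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

# Constructed sample policy: (doctor AND cardiology) OR auditor
POLICY = gate(1, gate(2, attr("doctor"), attr("cardiology")), attr("auditor"))
```

In the hybrid design summarised above, the recovered value would be the symmetric key under which the file itself is encrypted.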
Gerome Miklau and Dan Suciu. 2003. Controlling access to published data using cryptography. In Proceedings of the 29th international conference on Very large data bases - Volume 29 (VLDB '03), Johann Christoph Freytag, Peter C. Lockemann, Serge Abiteboul, Michael J. Carey, Patricia G. Selinger, and Andreas Heuer (Eds.), Vol. 29. VLDB Endowment 898-909.
Key Points:
- PROBLEM: The trust, privacy and security issues involved in sharing data are immense, yet imperative when users are encouraged or forced to share.
- CONTRIBUTION:
  - Provides protection of XML files.
  - The data owner defines high-level access policies, which are converted to queries and later provide a single “protection” for the XML data.
  - A logical data model for these protections is introduced.
  - Shows how to perform encryption using the W3C Recommendation “XML Encryption Syntax”.
Strengths/Weakness:
- Not really relevant to giving the data owner access control over his data in distributed systems.
Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati. 2007. A data outsourcing architecture combining cryptography and access control. In Proceedings of the 2007 ACM workshop on Computer security architecture (CSAW '07). ACM, New York, NY, USA, 63-69. DOI=10.1145/1314466.1314477 http://doi.acm.org/10.1145/1314466.1314477
Key Points:
- PROBLEM: Enforcement of authorisation policies and the support of policy updates when outsourcing data on untrusted external servers.
- CONTRIBUTION:
  - Data is encrypted as the data owner stores it on an external server.
  - Authorisations and encryption are merged, thus allowing access control enforcement to be outsourced together with the data.
Strengths/Weakness:
- Relies solely on cryptography for the protection and confidentiality of data.
- Data owner does not need to be involved in the enforcement, only to specify the policy.
- The paper does not handle the illegal key sharing problem.
Michael S. Kirkpatrick and Sam Kerr. 2011. Enforcing physically restricted access control for remote data. In Proceedings of the first ACM conference on Data and application security and privacy (CODASPY '11). ACM, New York, NY, USA, 203-212. DOI=10.1145/1943513.1943540 http://doi.acm.org/10.1145/1943513.1943540
Key Points:
- PROBLEM: Restricting access only to known, trusted devices.
- CONTRIBUTION:
  - Proposes the idea of physically restricted access control, where data can only be accessed on unique devices characterised by physically unclonable functions (PUFs).
  - Defines protocols for registering a device and making an access request.
  - Presents a prototype implementation of a client-server architecture which includes the creation of a PUF.
Strengths/Weakness:
- Provides the best level of security when sharing data, as the data owner can nearly guarantee that his data is being viewed by the right data consumer.
- Lower chance of data leakage.
eHealth Journal Paper:
- Notified by publisher that minor revision required.
- Currently working on the revision
eHealth Demo:
- Successfully coded initial phase of protocol.
- Database and web services set up with minimal functionality
ACM CCS Conference Paper:
- Started writing Abstract of paper
- Currently working on Introduction