ABEBox: A data driven access control for securing public cloud storage with efficient key revocation

E. Raso, L. Bracciale, P. Loreti, G. Bianchi

Proceedings of the 16th International Conference on Availability, Reliability and Security. Published 2021-08-16. DOI: 10.1145/3465481.3469206 (https://doi.org/10.1145/3465481.3469206)

Citations: 3

Abstract

Besides providing data sharing, commercial cloud-based storage services (e.g., Dropbox) also enforce access control, i.e., permit users to decide who can access which data. In this paper we advocate the separation between the sharing of data and the access control function. We specifically promote an overlay approach which provides end-to-end encryption and empowers the end users with the possibility to enforce access control policies without involving the cloud provider itself. To this end, our proposal, named ABEBox, relies on the careful combination of i) attribute-based encryption for custom policy definition and management, with ii) proxy re-encryption to provide scalable re-keying and protection against key-scraping attacks, with a novel revocation procedure. Moreover, iii) we concretely embed our protection mechanisms inside a public domain virtual file system module to provide an overlay and trivial-to-use transparent service which can be deployed on top of any arbitrary cloud storage provider.