Sharif Digital Repository

One of the security issues in data outsourcing scenario is the enforcement of data owner's access control policies. This includes some challenges; namely, the number of keys required to access authorized resources, efficient policy updating, write access control enforcement, user and data owner overhead, and preserving confidentiality of data and policies. Most of the existing solutions address only some of the challenges, while they impose high overhead on both the data owner and users. Though, policy management in the Role-Based Access Control (RBAC) model is easier and more efficient due to the existence of role hierarchical structure and role inheritance; most of the existing solutions... 

In cloud storage services, public auditing mechanisms allow a third party to verify integrity of the outsourced data on behalf of data owners without the need to retrieve data from the cloud server. In some applications, the identity of data users should be kept private from the third party auditor. Oruta is a privacy preserving public auditing scheme for shared data in the cloud which exploits ring signatures to protect the identity privacy. In this paper, we propose two attacks and demonstrate that the scheme is insecure and a dishonest server can arbitrarily tamper the outsourced data without being detected by the auditor. We also propose a solution to remedy this weakness with the...