
Enforcing Access Control Policies over Data Stored on Untrusted Server

Soltani, Naeimeh | 2015

  1. Type of Document: M.Sc. Thesis
  2. Language: Farsi
  3. Document No: 47731 (19)
  4. University: Sharif University of Technology
  5. Department: Computer Engineering
  6. Advisor(s): Jalili, Rasoul
  7. Abstract: Recently, many organizations outsource their data to an external server because it makes data maintenance easier. One of the security issues in the data outsourcing scenario is the enforcement of the data owner's access control policies. This involves several challenges, namely the number of keys needed to access authorized resources, efficient policy updating, write access control enforcement, user and data owner overhead, and preserving the confidentiality of data and policies. Most existing solutions address only some of these challenges, while imposing high overhead on both the data owner and users. Moreover, most of them address enforcement of policies in the form of an access control matrix, and fewer address enforcement of role-based access control. In the role-based access control (RBAC) model, roles are mapped to access permissions and users are mapped to appropriate roles. Moreover, due to the role hierarchy and role inheritance in RBAC, policy management is easier and more efficient. In this thesis, we introduce an approach to enforce role-based access control policies on encrypted data that has been outsourced to an external server. In this approach, we use the Chinese Remainder Theorem (CRT) for key management and role/permission assignment. Efficient user revocation, support for updates to the role hierarchy, and enforcement of write access control policies are among the advantages of the proposed solution. Also, the ciphertext size is linearly proportional to the size of the plaintext, regardless of the number of roles and users who can decrypt the ciphertext; and all the authorized resources are accessible to users of newly added roles, even if the resources were encrypted before the role was added. To evaluate the proposed approach, we analyzed the factors that determine the efficiency of this method and its advantages in comparison with other approaches. In this regard, the results of the primary implementation are also presented in some cases.
  8. Keywords: Access Control; Role Based Access Control; Confidentiality; Data Integrity; Outsourcing; Data Outsourcing
