Paper 2013/587
ESPOON ERBAC: Enforcing Security Policies in Outsourced Environments
Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo
Abstract
Data outsourcing is a growing business model offering services to individuals and enterprises for processing and storing a huge amount of data. It is not only economical but also promises higher availability, scalability, and more effective quality of service than in-house solutions. Despite all its benefits, data outsourcing raises serious security concerns for preserving data confidentiality. There are solutions for preserving confidentiality of data while supporting search on the data stored in outsourced environments. However, such solutions do not support access policies to regulate access to a particular subset of the stored data. For complex user management, large enterprises employ Role-Based Access Controls (RBAC) models for making access decisions based on the role in which a user is active in. However, RBAC models cannot be deployed in outsourced environments as they rely on trusted infrastructure in order to regulate access to the data. The deployment of RBAC models may reveal private information about sensitive data they aim to protect. In this paper, we aim at filling this gap by proposing ESPOON ERBAC for enforcing RBAC policies in outsourced environments. ESPOON ERBAC enforces RBAC policies in an encrypted manner where a curious service provider may learn a very limited information about RBAC policies. We have implemented ESPOON ERBAC and provided its performance evaluation showing a limited overhead, thus confirming viability of our approach.
Metadata
- Available format(s)
- Category
- Applications
- Publication info
- Published elsewhere. Elsevier Computers & Security (COSE), Volume 35, 2013
- Keywords
- Encrypted RBACPolicy ProtectionSensitive Policy EvaluationSecure Cloud StorageConfidentiality
- Contact author(s)
- asghar @ disi unitn it
- History
- 2013-09-14: received
- Short URL
- https://ia.cr/2013/587
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2013/587, author = {Muhammad Rizwan Asghar and Mihaela Ion and Giovanni Russello and Bruno Crispo}, title = {{ESPOON} {ERBAC}: Enforcing Security Policies in Outsourced Environments}, howpublished = {Cryptology {ePrint} Archive, Paper 2013/587}, year = {2013}, url = {https://eprint.iacr.org/2013/587} }