Table of Contents

Securing Access to Cloud Storage

Data outsourcing is a growing business model offering services to individuals and enterprises for processing and storing a huge amount of data. It is not only economical but also promises higher availability, scalability, and more effective quality of service than in-house solutions. Despite all its benefits, data outsourcing raises serious security concerns for preserving data confidentiality. Not only data but policies, regulating access on data, may reveal sensitive information when they are available in cleartext on the cloud. Therefore, the major research challenges include protection of data, as well as access control policies.

The Proposed Approach

The proposed architecture aims at providing mechanism that can be deployed in an outsourced environment. The following figure illustrates the proposed architecture that has similar components to the widely accepted architecture for the policy-based management proposed by IETF. The proposed architecture uses proxy re-encryption to protect data and access control policies, where a Trusted Key Management Authority (TKMA) distributes keys to users including Admin User and Requester. The TKMA sends server side keys to the Key Store managed by the Service Provider in the Outsourced Environment. In the proposed architecture, an Admin User deploys (i) encrypted data and policies (that regulate access on data) and sends them to the Administration Point that re-encrypts and stores (ii) data and (iii) policies in the Data Store and the Policy Store, respectively. A Requester may send (1) the request to the Policy Enforcement Point (PEP). The PEP forwards (2) the role activation or the access request to the Policy Decision Point (PDP). After receiving the request, the PDP first retrieves (3) Policies from the Policy Store. Optionally, PDP fetches (4a) Contextual Information and (4b) Session Information from Session and the Policy Information Point (PIP), respectively. After making the decision, the PDP sends response to the PEP. The PEP provides access to the data (6a) and updates session (6b). Finally, a response is sent to the Request (7).

The proposed architecture

Themes

Among the research topics of the Security Group, the main stream of this research topic is to regulate access to cloud storage without leaking private information about the sensitive data. In this research activity, we covered a number of themes, in particular,

People

The following is a list a people that have been involved in this research activity at some point in time.

Publications

Talks, Tutorials and Demo

Projects

This research activity was supported by the following projects

Software