securing_access_to_cloud_storage

Differences

This shows you the differences between two versions of the page.

securing_access_to_cloud_storage [2013/05/02 18:39]
m.r.asghar@unitn.it [Projects]
securing_access_to_cloud_storage [2021/01/29 10:58] (current)
Line 6: Line 6:
 The proposed architecture aims at providing mechanism that can be deployed in an outsourced environment. The following figure illustrates the proposed architecture that has similar components to the widely accepted architecture for the policy-based management proposed by IETF. The proposed architecture uses proxy re-encryption to protect data and access control policies, where a Trusted Key Management Authority (TKMA) distributes keys to users including Admin User and Requester. The TKMA sends server side keys to the Key Store managed by the Service Provider in the Outsourced Environment. In the proposed architecture,​ an Admin User deploys (i) encrypted data and policies (that regulate access on data) and sends them to the Administration Point that re-encrypts and stores (ii) data and (iii) policies in the Data Store and the Policy Store, respectively. A Requester may send (1) the request to the Policy Enforcement Point (PEP). The PEP forwards (2) the role activation or the access request to the Policy Decision Point (PDP). After receiving the request, the PDP first retrieves (3) Policies from the Policy Store. Optionally, PDP fetches (4a) Contextual Information and (4b) Session Information from Session and the Policy Information Point (PIP), respectively. After making the decision, the PDP sends response to the PEP. The PEP provides access to the data (6a) and updates session (6b). Finally, a response is sent to the Request (7). The proposed architecture aims at providing mechanism that can be deployed in an outsourced environment. The following figure illustrates the proposed architecture that has similar components to the widely accepted architecture for the policy-based management proposed by IETF. The proposed architecture uses proxy re-encryption to protect data and access control policies, where a Trusted Key Management Authority (TKMA) distributes keys to users including Admin User and Requester. 
The TKMA sends server side keys to the Key Store managed by the Service Provider in the Outsourced Environment. In the proposed architecture,​ an Admin User deploys (i) encrypted data and policies (that regulate access on data) and sends them to the Administration Point that re-encrypts and stores (ii) data and (iii) policies in the Data Store and the Policy Store, respectively. A Requester may send (1) the request to the Policy Enforcement Point (PEP). The PEP forwards (2) the role activation or the access request to the Policy Decision Point (PDP). After receiving the request, the PDP first retrieves (3) Policies from the Policy Store. Optionally, PDP fetches (4a) Contextual Information and (4b) Session Information from Session and the Policy Information Point (PIP), respectively. After making the decision, the PDP sends response to the PEP. The PEP provides access to the data (6a) and updates session (6b). Finally, a response is sent to the Request (7).
  
-{{:​research_activities:​generic-arch.png|The proposed architecture}}+{{generic-arch.png|The proposed architecture}}
  
 ==== Themes ==== ==== Themes ====
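Review bot: the changed media line drops the namespace, so `{{generic-arch.png|The proposed architecture}}` now resolves relative to this page's own namespace instead of `:research_activities:`; unless generic-arch.png has also been uploaded there, the figure that the paragraph introduces with "The following figure illustrates the proposed architecture" will render as a broken media link. Either keep the absolute `{{:research_activities:generic-arch.png|The proposed architecture}}` reference or confirm the upload. While this paragraph is being touched, note that its step numbering jumps from (4b) to (6a) with no (5) on "the PDP sends response to the PEP", and the last sentence says "sent to the Request (7)" where "Requester" is meant.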
Line 21: Line 21:
  
   * [[http://​disi.unitn.it/​~asghar/​|Muhammad Rizwan Asghar]] (active)   * [[http://​disi.unitn.it/​~asghar/​|Muhammad Rizwan Asghar]] (active)
-  * Mihaela Ion 
-  * [[http://​www.cs.auckland.ac.nz/​~russello/​|Giovanni Russello]] (active) 
   * [[http://​disi.unitn.it/​~crispo/​|Bruno Crispo]] (active)   * [[http://​disi.unitn.it/​~crispo/​|Bruno Crispo]] (active)
 +  * [[http://​www.cs.auckland.ac.nz/​~russello/​|Giovanni Russello]] (active)
 +  * Mihaela Ion
 ==== Publications ==== ==== Publications ====
  
-  * Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo, **ESPOON<​sub>​ERBAC</​sub>:​ Enforcing security policies in outsourced environments**,​ Elsevier Computers & Security (COSE), ​2012. In Press. {{http://​disi.unitn.it/​~asghar/​papers/​asghar12-cose.pdf|PDF}}+  ​* Muhammad Rizwan Asghar, Giovanni Russello, Bruno Crispo, and Mihaela Ion, **Supporting Complex Queries and Access Policies for Multi-user Encrypted Databases**,​ In Proceedings of The 5th ACM Workshop on Cloud Computing Security Workshop (CCSW) in conjunction with the 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013.  
 +  ​* Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo, **ESPOON<​sub>​ERBAC</​sub>:​ Enforcing security policies in outsourced environments**,​ Elsevier Computers & Security (COSE), ​Volume 35, 2013. {{asghar13-cose.pdf|PDF}}
   * Mihaela Ion, Giovanni Russello, and Bruno Crispo, **Enforcing Multi-user Access Policies to Encrypted Cloud Databases**,​ In Proceedings of the 12th IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY), Pisa, Italy, June 2011.   * Mihaela Ion, Giovanni Russello, and Bruno Crispo, **Enforcing Multi-user Access Policies to Encrypted Cloud Databases**,​ In Proceedings of the 12th IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY), Pisa, Italy, June 2011.
   * Muhammad Rizwan Asghar, Giovanni Russello, and Bruno Crispo, **Poster: ESPOON<​sub>​ERBAC</​sub>:​ Enforcing security policies in outsourced environments with encrypted RBAC**, In Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, pages 841-844. ACM, 2011.   * Muhammad Rizwan Asghar, Giovanni Russello, and Bruno Crispo, **Poster: ESPOON<​sub>​ERBAC</​sub>:​ Enforcing security policies in outsourced environments with encrypted RBAC**, In Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, pages 841-844. ACM, 2011.
-  * Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo, **ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments**,​ In Proceedings of the 6th International Conference on Availability,​ Reliability and Security, ARES'​11,​ pages 99-108. IEEE Computer Society, August 2011. {{http://​disi.unitn.it/​~asghar/​papers/​asghar11-ares.pdf|PDF}} +  * Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo, **ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments**,​ In Proceedings of the 6th International Conference on Availability,​ Reliability and Security, ARES'​11,​ pages 99-108. IEEE Computer Society, August 2011. {{asghar11-ares.pdf|PDF}} 
-  * Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo, **Securing Data Provenance in the Cloud**, IFIP WG 11.4 - Open Problems in Network Security (iNetSec), Lucerne, Switzerland,​ June 2011.+  * Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo, **Securing Data Provenance in the Cloud**, IFIP WG 11.4 - Open Problems in Network Security (iNetSec), Lucerne, Switzerland,​ June 2011. {{asghar11-inetsec-provenance.pdf|PDF}}
 ==== Talks, Tutorials and Demo ==== ==== Talks, Tutorials and Demo ====
  
 +  * Muhammad Rizwan Asghar, **ESPOON: Enforcing Security Policies in Outsourced Environments**,​ SRI International,​ Menlo Park, California, USA, August 2012. {{espoon-recent.ppt|Slides}}
   * Muhammad Rizwan Asghar, **Enforcing Security Policies in Outsourced Environments**,​ The 3rd Workshop on Cryptography (BunnyTN3), Trento, Italy, March 2012.   * Muhammad Rizwan Asghar, **Enforcing Security Policies in Outsourced Environments**,​ The 3rd Workshop on Cryptography (BunnyTN3), Trento, Italy, March 2012.
   * Muhammad Rizwan Asghar, **ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments**,​ The 6th IEEE International Conference on Availability,​ Reliability and Security (ARES), Vienna, Austria, August 2011.   * Muhammad Rizwan Asghar, **ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments**,​ The 6th IEEE International Conference on Availability,​ Reliability and Security (ARES), Vienna, Austria, August 2011.
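Review bot: the new first entry in the Publications list (the CCSW 2013 paper) is the only publication without a PDF link, and its venue reads "The 5th ACM Workshop on Cloud Computing Security Workshop (CCSW)", repeating "Workshop"; suggest "The 5th ACM Cloud Computing Security Workshop (CCSW)" plus a `{{...|PDF}}` attachment like the other entries. In the same hunk the COSE, ARES and iNetSec entries switch from absolute `http://disi.unitn.it/~asghar/papers/...` URLs to page-local media names (`asghar13-cose.pdf`, `asghar11-ares.pdf`, `asghar11-inetsec-provenance.pdf`), and the Talks list further down adds `espoon-recent.ppt`; these only resolve if the files are uploaded to this page's namespace, so check each before publishing, and note that the COSE attachment name changed from asghar12-cose.pdf to asghar13-cose.pdf alongside the "Volume 35, 2013" update.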
Line 46: Line 48:
  
 ==== Software ==== ==== Software ====
-  * We have developed prototype for securing data, as well as access control policies in outsourced environments. To get the source code, please contact [[http://​disi.unitn.it/​~asghar/​|Muhammad Rizwan Asghar]].+  * As a result of this research activity, we have developed ​prototype for securing data, as well as access control policies in outsourced environments. To get the source code, please contact [[http://​disi.unitn.it/​~asghar/​|Muhammad Rizwan Asghar]].
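Review bot: the reworded Software line still reads "we have developed prototype" and carries a stray zero-width space (rendered as `​`) between "developed" and "prototype"; suggest "As a result of this research activity, we have developed a prototype for securing data, as well as access control policies, in outsourced environments."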
securing_access_to_cloud_storage.1367512778.txt.gz · Last modified: 2021/01/29 10:58 (external edit)