Litcius/Paper detail

Exploring Architectures for Cryptographic Access Control Enforcement in the Cloud for Fun and Optimization

Stefano Berlato, Roberto Carbone, Adam J. Lee, Silvio Ranise

202018 citationsDOI

Abstract

To facilitate the adoption of cloud by organizations, Cryptographic Access Control (CAC) is the obvious solution to control data sharing among users while preventing partially trusted Cloud Service Providers (CSP) from accessing sensitive data. Indeed, several CAC schemes have been proposed in the literature. Despite their differences, available solutions are based on a common set of entities---e.g., a data storage service or a proxy mediating the access of users to encrypted data---that operate in different (security) domains---e.g., on-premise or the CSP. However, the majority of the CAC schemes assume a fixed assignment of entities to domains; this has security and usability implications that are not made explicit and can make inappropriate the use of a CAC scheme in certain scenarios with specific requirements. For instance, assuming that the proxy runs at the premises of the organization avoids the vendor lock-in effect but may substantially undermine scalability.

Topics & Concepts

Computer scienceCloud computingAccess controlScalabilityComputer securityVendorEnforcementOutsourcingCryptographic primitiveCryptographyUsabilityEncryptionService providerProxy (statistics)Computer networkCryptographic protocolService (business)DatabaseBusinessMarketingHuman–computer interactionMachine learningLawOperating systemPolitical scienceCryptography and Data SecurityCloud Data Security SolutionsBlockchain Technology Applications and Security
Exploring Architectures for Cryptographic Access Control Enforcement in the Cloud for Fun and Optimization | Litcius