8 research outputs found

    A Trust management framework for secure cloud data storage using cryptographic role-based access control

    In recent times, there has been an increasing development of storing data securely in the cloud. The Role-based access control (RBAC) model, a widely used access control model, can provide a flexible way for data owners to manage and share their data in the cloud environment. To enforce the access control policies in the cloud, several cryptographic RBAC schemes have been proposed recently, which integrate cryptographic techniques with RBAC models to secure data storage in an outsourced environment such as a cloud. However, these schemes do not address the issue of trust in such a data storage system. In this paper, we introduce a trust management framework which can enhance the security of data in cloud storage systems using cryptographic RBAC schemes. The trust management framework provides an approach for each party in such a cloud storage system to determine the trustworthiness of other parties. The framework consists of a series of trust models, which (i) enable the users and the data owners to decide whether to interact with a particular role for accessing and sharing data in the system and (ii) allow the role managers to evaluate the trustworthiness of users and data owners. These trust models take into account role inheritance and hierarchy in the evaluation of trustworthiness of the roles. In addition, we present a design of a trust-based cloud storage system which shows how the trust models for users and roles can be integrated into a system that uses cryptographic RBAC schemes.

    Ensuring Spatio-temporal Access Control for Real-world Applications

    Traditional access control models, such as Role-Based Access Control (RBAC), do not take into account contextual information, such as location and time, for making access decisions. Consequently, they are inadequate for specifying the access control needs of many complex real-world applications, such as the Dengue Decision Support (DDS) that we discuss in this paper. We need to ensure that such applications are adequately protected using emerging access control models. This requires us to represent the application and its access control requirements in a formal specification language. We choose the Unified Modeling Language (UML) for this purpose, since UML is becoming the de facto specification language in the software industry. We need to analyze this formal specification to get assurance that the application is adequately protected. Manual analysis is error-prone and tedious. Thus, we need automate

    Verification and Trade-Off Analysis of Security Properties in UML System Models


    A Task Ordering Approach for Automatic Trust Establishment


    Enforcing Subscription-based Authorization Policies in Cloud Scenarios

    The rapid advances in the Information and Communication Technologies have brought to the development of on-demand high quality applications and services allowing users to easily access resources anywhere anytime. Users can pay for a service and access the resources made available during their subscriptions until the subscribed periods expire. Users are then forced to download such resources if they want to access them also after the subscribed periods. To avoid this burden to the users, we propose the adoption of a subscription-based access control policy that combines a flexible key derivation structure with selective encryption. The publication of new resources as well as the management of subscriptions are accommodated by adapting the key derivation structure in a transparent way for the users

    Taking into Account Functional Models in the Validation of IS Security Policies

    Designing a security policy for an information system (IS) is a non-trivial task. Variants of the RBAC model can be used to express such policies as access-control rules associated to constraints. In this paper, we advocate that currently available tools do not take sufficiently into account the functional description of the application and its impact on authorisation constraints and dynamic aspects of security. We suggest to translate both security and functional models into a formal language, such as B, whose analysis and animation tools will help validate a larger set of security scenarios. We show how various kinds of constraints can be expressed and animated in this context