Visible to the public Semantically Rich, Oblivious Access Control Using ABAC for Secure Cloud Storage

TitleSemantically Rich, Oblivious Access Control Using ABAC for Secure Cloud Storage
Publication TypeConference Paper
Year of Publication2017
AuthorsJoshi, M., Mittal, S., Joshi, K. P., Finin, T.
Conference Name2017 IEEE International Conference on Edge Computing (EDGE)
KeywordsAccess Broker, access broker module, Access Control, authorisation, business data processing, cloud computing, cloud service platform, cloud storage security, composability, Computational modeling, Confidentiality Policy, data threats, document handling, document security, Encryption, end-to-end oblivious data transaction, Oblivious Storage, Ontologies, organization confidentiality policies, Organizations, OWL, pubcrawl, Resiliency, robust access control, semantically rich access control system, storage management, Trusted Computing, trusted platform modules, trustworthy access control

Securing their critical documents on the cloud from data threats is a major challenge faced by organizations today. Controlling and limiting access to such documents requires a robust and trustworthy access control mechanism. In this paper, we propose a semantically rich access control system that employs an access broker module to evaluate access decisions based on rules generated using the organizations confidentiality policies. The proposed system analyzes the multi-valued attributes of the user making the request and the requested document that is stored on a cloud service platform, before making an access decision. Furthermore, our system guarantees an end-to-end oblivious data transaction between the organization and the cloud service provider using oblivious storage techniques. Thus, an organization can use our system to secure their documents as well as obscure their access pattern details from an untrusted cloud service provider.

Citation Keyjoshi_semantically_2017