With the widespread success and adoption of cloud-based solutions, we are witnessing an ever increasing reliance on external providers for storing and managing data. This evolution is greatly facilitated by the availability of solutions - typically based on encryption - ensuring the confidentiality of externally outsourced data against the storing provider itself. Selective application of encryption (i.e., with different keys depending on the authorizations holding on data) provides a convenient approach to access control policy enforcement. Effective realization of such policy-based encryption entails addressing several problems related to key management, access control enforcement, and authorization revocation, while ensuring efficiency of access and deployment with current technology. We present the design and implementation of an approach to realize policy-based encryption for enforcing access control in OpenStack Swift. We also report experimental results evaluating and comparing different implementation choices of our approach.

Access Control Management for Secure Cloud Storage / E. Bacis, S. De Capitani di Vimercati, S. Foresti, S. Paraboschi, M. Rosa, P. Samarati (LECTURE NOTES OF THE INSTITUTE FOR COMPUTER SCIENCES, SOCIAL INFORMATICS AND TELECOMMUNICATIONS ENGINEERING). - In: Security and Privacy in Communication Networks / [a cura di] R. Deng, J. Weng, K. Ren, V. Yegneswaran. - [s.l] : Springer International Publishing, 2017. - ISBN 9783319596075. - pp. 353-372 (( Intervento presentato al 12. convegno EAI International Conference on Security and Privacy in Communication Networks tenutosi a Guangzhou nel 2016 [10.1007/978-3-319-59608-2_21].

Access Control Management for Secure Cloud Storage

S. De Capitani di Vimercati;S. Foresti;P. Samarati
2017

Abstract

With the widespread success and adoption of cloud-based solutions, we are witnessing an ever increasing reliance on external providers for storing and managing data. This evolution is greatly facilitated by the availability of solutions - typically based on encryption - ensuring the confidentiality of externally outsourced data against the storing provider itself. Selective application of encryption (i.e., with different keys depending on the authorizations holding on data) provides a convenient approach to access control policy enforcement. Effective realization of such policy-based encryption entails addressing several problems related to key management, access control enforcement, and authorization revocation, while ensuring efficiency of access and deployment with current technology. We present the design and implementation of an approach to realize policy-based encryption for enforcing access control in OpenStack Swift. We also report experimental results evaluating and comparing different implementation choices of our approach.
Settore INF/01 - Informatica
   Enforceable Security in the Cloud to Uphold Data Ownership
   ESCUDO CLOUD
   EUROPEAN COMMISSION
   H2020
   644579

   ABC GATES FOR EUROPE
   ABC4EU
   EUROPEAN COMMISSION
   FP7
   312797
2017
EAI
Book Part (author)
File in questo prodotto:
File Dimensione Formato  
bdfprs-securecomm2016.pdf

accesso aperto

Tipologia: Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione 449.67 kB
Formato Adobe PDF
449.67 kB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/513890
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 10
  • ???jsp.display-item.citation.isi??? ND
social impact