ABAC: Attribute-based access control


Cloud storage service allows data owner to outsource their data to the cloud and through which provide the data access to the users. Because the cloud server and the data owner are not in the same trust domain, the semi-trusted cloud server cannot be relied to enforce the access policy. To address this challenge, traditional methods usually require the data owner to encrypt the data and deliver decryption keys to authorized users. These methods, however, normally involve complicated key management and high overhead on data owner. In this chapter, we introduce ABAC, an access control framework for cloud storage systems that achieves fine-grained access control based on an adapted Ciphertext-Policy Attribute-based Encryption (CP-ABE) approach. In ABAC, an efficient attribute revocation method is proposed to cope with the dynamic changes of users’ access privileges in large-scale systems.

Publication Title

SpringerBriefs in Computer Science