Access Control Mechanisms for Outsourced Data in Cloud
Abstract. Traditional access control models often assume that the en- tity enforcing access control policies is also the owner of data and re- sources. This assumption no longer holds when data is outsourced to a third-party storage provider, such as the cloud. Existing access control solutions mainly focus on preserving condentiality of stored data from unauthorized access and the storage provider. However, in this setting, access control policies as well as users’ access patterns also become pri- vacy sensitive information that should be protected from the cloud. We propose a two-level access control scheme that combines coarse-grained access control enforced at the cloud, which allows to get acceptable com- munication overhead and at the same time limits the information that the cloud learns from his partial view of the access rules and the ac- cess patterns, and ne-grained cryptographic access control enforced at the user’s side, which provides the desired expressiveness of the access control policies. Our solution handles both read and write access control.