Research on Access Control in Cloud Storage System: From Single to Multi-Clouds
American Journal of Software Engineering and Applications
Volume 7, Issue 1, March 2018, Pages: 1-14
Received: Feb. 24, 2018; Accepted: Mar. 21, 2018; Published: Apr. 13, 2018
Views 2045      Downloads 215
Zhijie Fan, Electronics and Information Engineering School, Tongji University, Shanghai, China
Ya Xiao, Electronics and Information Engineering School, Tongji University, Shanghai, China
Chunmei Wang, Ping An Insurance (Group) Company of China, Shanghai, China
Bing Liu, Electronics and Information Engineering School, Tongji University, Shanghai, China
Article Tools
Follow on us
Implementation of access control in cloud storage system is the essential method to protect users’ data from revealing sensitive information. The paper mainly investigates key technologies of access control in cloud storage system, including intra cloud and among multi-clouds. Firstly, we discuss about the focuses in recent researches and challenges of access control in cloud storage system. The access control researches here refer to cipher-text and cross-domain access control in cloud storage system. The key technologies introduce Ciphertext-Policy Attribute-Based Encryption algorithm(CP-ABE), ontology based attributes mapping, algebra based policies integration, solutions for identification, access authorization and identity federation. And the status of these fields is described next. At last, we concluded this paper and proposed some directions in the future work of access control research in cloud storage system. This paper can help to understand the key technologies of access control in cloud storage and helpful in the future researches.
Cloud Storage, Access Control, CP-ABE, Ontology, Identification
To cite this article
Zhijie Fan, Ya Xiao, Chunmei Wang, Bing Liu, Research on Access Control in Cloud Storage System: From Single to Multi-Clouds, American Journal of Software Engineering and Applications. Vol. 7, No. 1, 2018, pp. 1-14. doi: 10.11648/j.ajsea.20180701.11
Copyright © 2018 Authors retain the copyright of this article.
This article is an open access article distributed under the Creative Commons Attribution License ( which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
CDMI TWG, "Cloud Data Management Interface (CDMI)", CDMI International Standard-2016. doi:10.3403/30334096.
L. Gehlod, V. Jain, and M. Sharma, "Cloud Computing Management and Synchronization Tools", International Journal of Advanced Research in Computer and Communication Engineering, Vol. 2, 2013, pp. 3026-3030.
I. Livenson and E. Laure, "Towards Transparent Integration of Heterogeneous Cloud Storage Platforms", in the fourth International workshop on Data-intensive distributed computing, California, 2011, pp. 27-34.
Y. D. Wang, J. H. Yang, C. Xu, X. Ling, and Y. Yang, "Survey on Access Control Technologies for Cloud Computing", Journal of Software, Vol. 26, no. 5, 2015, pp. 1129-1150.
J. Crampton, "Cryptographically-enforced Hierarchical Access Control with Multiple Keys", Journal of Logic and Algebraic Programming, Vol. 78, no. 8, 2009, pp. 690-700.
V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based Encryption for Fine-grained Access Control of Encrypted Data", in the 13th ACM conference on Computer and communications security, Virginia, 2006, pp. 89-98.
J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy Attribute-based Encryption", in the 2007 IEEE Symposium on Security and Privacy, Washington, 2007, pp. 321-334.
Y. Wang, L. Wei, X. Tong, X. Zhao and M. Li, "CP-ABE Based Access Control for Cloud Storage", Information Technology and Intelligent Transportation Systems, Vol. 455, 2017, pp. 463-472.
G. Ateniese, K. Fu, M. Green, and S. Hohenberger, "Improved Proxy Re-encryption Schemes with Applications to Secure Distributed Storage", ACM Transactions on Information and System Security, Vol. 9, no. 1, 2006, pp. 1-30.
A. Sahai and B. Waters, "Fuzzy Identity-based Encryption", in the 24th annual international conference on Theory and Applications of Cryptographic Techniques, Denmark, 2005, pp. 457-473.
D. F. Ferraiolo, R. S. Sandhu, S. I. Gavrila, D. R. Kuhn, and R. Chandramouli, "Proposed NIST Standard for Role-based Access Control", ACM Transactions on Information and System Security, Vol. 4, no. 3, 2001, pp. 224-274.
Y. Tian, Y. Peng, G. Gao and X. Peng, "Role-based Access Control for Body Area Networks Using Attribute-based Encryption in Cloud Storage". International Journal of Network Security, Vol. 19, no. 5, 2017, pp. 720-726.
R. Dixit, S. Shivathare and G. Ganesh, "Time Domain Attribute Base Access Control for Cloud Based Content Sharing: A Cryptographic Approach", International Journal for Modern Trends in Science and Technology, Vol. 3, no. 1, 2017, pp: 74-78.
E. Yuan and J. Tong, "Attributed based Access Control (ABAC) for Web Services", in the IEEE International Conference on Web Services, Washington, 2005, pp. 1-9.
K. Ke, O. Li, and C. Z. Xu, "Towards Semantic Matching of Attributes in Multi-domain Access Control", in the International Symposium on Intelligence Information Processing and Trusted Computing, Washington, 2010, pp. 349-352.
S. M. Zhang, H. B. Yang and B. Y. Wang, "Realization Distributed Access Control Based on Ontology and Attribute with OWL", Advances in Electronic Engineering, Communication and Management, Vol. 1, Berlin: Springer, 2012, pp. 583-588.
W. T. Tsai and Q. Shao, "Role-based Access-control Using Reference Ontology in Clouds", in the Tenth International Symposium on Autonomous Decentralized Systems, Washington, 2011, pp. 121-128.
R. Jagadeesan, W. Marrero, C. Pitcher and V. Sarawat, "Timed Constraint Programming: a Declarative Approach to Usage Control", in the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming, New York, 2005, pp. 164-175.
M. Backes, M. Dürmuth and R. Steinwandt, "An Algebra for Composing Enterprise Privacy Policies", in 9th European Symposium on Research Computer Security, France, 2004, pp. 33-52.
P. Rao, D. Lin, E. Bertino, N. Li and J. Lobo, "An Algebra for Fine-grained Integration of XACML Policies", in the 14th ACM symposium on access control models and technologies, New York, 2009, pp. 63-72.
L. Y. Yu, "RDFS and Ontology", A Developer’s Guide to the Semantic Web, 2011, pp. 109-153.
L. Y. Yu, "OWL: Web Ontology Language", A Developer’s Guide to the Semantic Web, 2011, pp. 155-239.
Web Ontology Language (OWL), Semantic Web Standards-2012.
G. Navarro, "A Guided Tour to Approximate String Matching", ACM Computing Surveys, Vol. 33, no. 1, 2001, pp. 31-38.
P. Bonatti, S. D. C. D. Vimercati, P. Samarati, "An Algebra for Composing Access Control Policies", ACM Transactions on Information and System Security, Vol. 5, no. 1, 2002, pp. 1-35.
The OAuth 2.0 Authorization Framework, IETF standard-2012.
N. Naik and P. Jenkins, "An Analysis of Open Standard Identity Protocols in Cloud Computing Security Paradigm", in IEEE 14th Intl Conf on Dependable, Autonomic and Secure Computing, 2016, pp. 428-431.
EXtensible Access Control Markup Language (XACML) Version 3.0, OASIS standard-2013
Identity Provider Deployment, UK Access Management Federation for Education and Research, 2008.
A. Kumar, "Model Driven Security Analysis of IDaaS Protocols", in the 9th international conference on Service-Oriented Computing, Berlin, 2011, pp. 312-327.
M. H. Cho, E. G. Jang, Y. R. Choi, "User Authentication Technology using Multiple SSO in the Cloud Computing Environment", Journal of The Korea Society of Computer and Information. Vol. 21, no. 4, 2016, pp. 31-38.
Security Assertion Markup Language (SAML) V2.0, OASIS standard-2005.
B. R. Sekhar, B. S. Kumar, L. S. Reddy and V Poornachandar, "CP-ABE Based Encryption for Secured Cloud Storage Access", International Journal of Scientific & Engineering Research, Vol. 3, no. 9, 2012, pp. 628-632.
S. Alshehri, S. Radziszowski and R. K. Rajendra, "Designing a Secure Cloud-Based EHR System using Ciphertext-Policy Attribute-Based Encryption", in the Data Management in the Cloud Workshop, 2012, pp. 1-5.
D. Y. Xu, F. Y. Luo, L. Gao, Z. Tang, "Fine-grained Document Sharing using Attribute-based Encryption in Cloud Servers", in the 3rd International Conference on Innovative Computing Technology, 2013, pp. 65-70.
J. Katz, A. Sahai, B. Waters, "Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products", Journal of Cryptology, Vol. 26, no. 2, 2013, pp. 191-224.
A. Lewko, T. Okamoto, A. Sahai, K. Takashima and B. Waters, "Fully Secure Functional Encryption: Attribute-based Encryption and (Hierarchical) Inner Product Encryption", in the 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Berlin 2010, pp. 62-91.
J. Z. Lai, R. H. Deng and Y. J. Li, "Fully Secure Cipertext-policy Hiding CP-ABE," in International Conference on Information Security Practice and Experience, 2011, pp. 24-39.
J. Z. Lai, R. H. Deng and Y. J. Li, "Expressive CP-ABE with Partially Hidden Access Structures", in the 7th ACM Symposium on Information, Computer and Communications Security, New York 2012, pp. 18-29.
M. Backes, C. Cachin and A. Oprea, "Lazy Revocation in Cryptographic File Systems", in the Third IEEE Int. Security in Storage Workshop, Washington, 2005, pp. 1-11.
B. Libert and D. Vergnaud. "Unidirectional Chosen-ciphertext Secure Proxy Re-encryption", IEEE Transactions on Information Theory, Vol. 57, no. 3, pp. 360-379, 2011.
X. H. Liang, Z. F. Cao, H. Lin and J. Shao, "Attribute based Rroxy Re-encryption with Delegating Capabilities", in the 4th International Symposium on Information, Computer, and Communications Security, New York, 2009, pp. 276-286.
K. Yang, X. Jia and K. Ren, "Attribute-based Fine-grained Access Control with Efficient Revocation in Cloud Storage Systems", in the 8th ACM SIGSAC symposium on Information, computer and communications security, New York, 2013, pp. 523-528.
R. Zhang and P. Chen, "A Dynamic Cryptographic Access Control Scheme in Cloud Storage Services", in 8th Int. Conf. on Computing and Networking Technology (ICCNT), 2012, pp. 50-55.
Y. Cheng, Z. Y. Wang, J. Ma, J. J. Wu, S. Z. Mei and J. C. Ren. "Efficient Revocation in Ciphertext-policy Attribute-based Encryption based Cryptographic Cloud Storage", Journal of Zhejiang University SCIENCE C: Computer & Electronics, Vol. 14, no. 2, 2013, pp. 85-97.
K. Yang, X. Jia, K. Ren, B. Zhang and R. T. Xie. "DAC-MACS: Effective Data Access Control for Multi-authority Cloud Storage Systems", IEEE Trans. Inf. Forensics Security, Vol. 8, no. 11, 2013, pp. 1790–1801.
W. Li, K. P. Xue, Y. Xue and J. Hong, "TMACS: A Robust and Verifiable Threshold Multi-Authority Access Control System in Public Cloud Storage", IEEE Transactions on Parallel and Distributed Systems, Vol. 27, no. 5, 2016, pp. 1484-1496.
D. Pal, P. Khethavath, J. P. Thomas and T. chen, "Multilevel Threshold Secret Sharing in Distributed Cloud", in Security in Computing and Communications. 2015, pp. 13-23.
Y. Zhu, D. J. Huang, C. J. Hu and X. Wang, "From RBAC to ABAC: Constructing Flexible Data Access Control for Cloud Storage Services", IEEE Transactions on Services Computing, Vol. 8, no. 4, 2015, pp. 601-616.
S. Fugkeaw and H. Sato, "An Extended CP-ABE based Access Control Model for Data Outsourced in the Cloud", in the IEEE 39th Annual Computer Software and Applications Conference, Washington, Vol. 3, 2015, pp. 73-78.
X. H. Yang and H. Wang, "A Cross-Domain Access Control Model Based on Trust Measurement", Wuhan University Journal of Natural Sciences. Vol. 21, no. 1, 2016, pp. 21-28.
D. Xiong, P. Zou, J. Cai and J. He, "A Dynamic Multi-domain Access ControlModel in Cloud Computing", International Symposium on Security in Computing and Communication, Vol. 536, 2015, pp. 3-12.
W. P. Peng, X. Z. Liu, H. R. Guo and C. Song, "Research on Trust Based Access Control in Cross Domain", Application Research of Computers, Vol. 33, no. 6, 2016, pp. 1790-1796.
N. Pustchi, F. Patwa and R. Sandhu, "Multi Cloud IaaS with Domain Trust in OpenStack", in the Sixth ACM Conference on Data and Application Security and Privacy, New York, 2016, pp. 121-123.
N. K. Sharma and A. Joshi, "Representing Attribute Based Access Control Policies in OWL", in IEEE Tenth International Conference on Semantic Computing, 2016, pp. 333-336.
M. Imran-Daud, D. Sánchez and A. Viejo, "Privacy-driven access control in social lnetworks by means of automatic semantic annotation", Computer Communications, Vol. 76, 2016, pp. 12-25.
M. Auxilia and K. Raja, "Ontology Centric Access Control Mechanism for Enabling Data Protection in Cloud", Indian Journal of Science and Technology. Vol. 9, no. 23, 2016, pp. 1-7.
D. Lin and A. Squicciarini, "Data Protection Models for Service Provisioning in the Cloud", in the 15th ACM symposium on access control models and technologies, New York, 2010, pp. 183-192.
Y. Y. Li, H. R. Guo, W. P. Peng and C. Song. "Trust Attribute-based Access Control Policies Composition", Application Research of Computers. Vol. 33, no. 7, 2016, pp. 2175-2180.
L. Lin, J. Hu and J. Zhang. "Packet: a Privacy-aware Access Control Policy Composition Method for Services Composition in Cloud Environments", Frontiers of Computer Science, Vol. 10, no. 6, 2016, pp. 1142-1157.
A. Vashistha, R. Porwal, A. K. Soni. "A Taxonomy of Scheduling Algorithms for Cloud Computing", International Journal of Computer Science Issues, Vol. 12, no. 1, 2015, pp. 67-71.
M. Radi. "Efficient Service Broker Policy For Large-Scale Cloud Environments", International Journal of Computer Science Issues, Vol. 12, no. 1, 2015, pp. 85-90.
A. Benali, B. E. Asri, H. Kriouile. "Toward Sensor and Software Product Line Based Context Aware Cloud Environment Assignment", International Journal of Computer Science Issues, Vol. 13, no. 5, 2016, pp. 76-85.
Science Publishing Group
1 Rockefeller Plaza,
10th and 11th Floors,
New York, NY 10020
Tel: (001)347-983-5186