TY - GEN
T1 - A secure fine-grained access control mechanism for networked storage systems
AU - Lin, Hsiao Ying
AU - Kubiatowicz, John
AU - Tzeng, Wen-Guey
PY - 2012
Y1 - 2012
N2 - Networked storage systems provide storage services for users over networks. Secure networked storage systems store encrypted data to guarantee data confidentiality. However, using encryption schemes somehow restricts the access control function over stored data. We address the access control function for a secure networked storage system by proposing a fine-grained access control mechanism. In our mechanism, a user cannot only read or write data but also grant the reading permissions of a single file or a whole directory of files to others with low cost. Moreover, these functions are supported in a confidential way against honest-but-curious storage servers. Our technical contribution is to propose a hybrid encryption scheme for a typical structure of a file system by integrating a hierarchical proxy re-encryption scheme and a hierarchical key assignment scheme. We measure the computation overhead for reading, writing, and granting operations by experiments. Our experimental results show that getting a finer access control mechanism does not cost much.
AB - Networked storage systems provide storage services for users over networks. Secure networked storage systems store encrypted data to guarantee data confidentiality. However, using encryption schemes somehow restricts the access control function over stored data. We address the access control function for a secure networked storage system by proposing a fine-grained access control mechanism. In our mechanism, a user cannot only read or write data but also grant the reading permissions of a single file or a whole directory of files to others with low cost. Moreover, these functions are supported in a confidential way against honest-but-curious storage servers. Our technical contribution is to propose a hybrid encryption scheme for a typical structure of a file system by integrating a hierarchical proxy re-encryption scheme and a hierarchical key assignment scheme. We measure the computation overhead for reading, writing, and granting operations by experiments. Our experimental results show that getting a finer access control mechanism does not cost much.
KW - Access control mechanism
KW - Hybrid encryption
KW - Networked storage system
KW - Proxy re-encryption
UR - http://www.scopus.com/inward/record.url?scp=84866725716&partnerID=8YFLogxK
U2 - 10.1109/SERE.2012.35
DO - 10.1109/SERE.2012.35
M3 - Conference contribution
AN - SCOPUS:84866725716
SN - 9780769547428
T3 - Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012
SP - 225
EP - 234
BT - Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012
T2 - 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012
Y2 - 20 June 2012 through 22 June 2012
ER -