Who is touching my cloud

Hua Deng; Qianhong Wu; Bo Qin; Jian Mao; Xiao Liu; Lei Zhang; Wenchang Shi

doi:10.1007/978-3-319-11203-9_21

Who is touching my cloud

Hua Deng
, Qianhong Wu
, Bo Qin^*
, Jian Mao
, Xiao Liu
, Lei Zhang
, Wenchang Shi

^*Corresponding author for this work

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

27 Scopus citations

Abstract

Advanced access controls have been proposed to secure sensitive data maintained by a third party. A subtle issue in such systems is that some access credentials may be leaked due to various reasons, which could severely damage data security. In this paper, we investigate leakage tracing enabled access control over outsourced data, so that one can revoke the suspected leaked credentials or prepare judicial evidences for legal procedure if necessary. Specifically, we propose a leaked access credential tracing (LACT) framework to secure data outsourced to clouds and formalize its security model. Following the framework, we construct a concrete LACT scheme that is provably secure. The proposed scheme offers fine-grained access control over outsourced data, by which the data owner can specify an access policy to ensure that the data is only accessible to the users meeting the policy. In case of suspectable illegal access to outsourced data with leaked credentials, a tracing procedure can be invoked to tracing in a black-box manner at least one of the users who leaked their access credentials. The tracing procedure can run without the cloud service provider being disturbed. Analysis shows that the introduction of tracing access credential leakage incurs little additional cost to either data outsourcing or access procedure.

Original language	English
Title of host publication	Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings
Publisher	Springer Verlag
Pages	362-379
Number of pages	18
Edition	PART 1
ISBN (Print)	9783319112022
DOIs	https://doi.org/10.1007/978-3-319-11203-9_21
State	Published - 2014
Event	19th European Symposium on Research in Computer Security, ESORICS 2014 - Wroclaw, Poland Duration: 7 Sep 2014 → 11 Sep 2014

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number	PART 1
Volume	8712 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th European Symposium on Research in Computer Security, ESORICS 2014
Country/Territory	Poland
City	Wroclaw
Period	7/09/14 → 11/09/14

Keywords

access control
access credential leakage
cloud storage
data privacy
digital forensics

Access to Document

10.1007/978-3-319-11203-9_21

Cite this

Deng, H., Wu, Q., Qin, B., Mao, J., Liu, X., Zhang, L., & Shi, W. (2014). Who is touching my cloud. In Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings (PART 1 ed., pp. 362-379). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8712 LNCS, No. PART 1). Springer Verlag. https://doi.org/10.1007/978-3-319-11203-9_21

@inproceedings{749f6a82388e4f3d8a25fac20f4f257a,

title = "Who is touching my cloud",

abstract = "Advanced access controls have been proposed to secure sensitive data maintained by a third party. A subtle issue in such systems is that some access credentials may be leaked due to various reasons, which could severely damage data security. In this paper, we investigate leakage tracing enabled access control over outsourced data, so that one can revoke the suspected leaked credentials or prepare judicial evidences for legal procedure if necessary. Specifically, we propose a leaked access credential tracing (LACT) framework to secure data outsourced to clouds and formalize its security model. Following the framework, we construct a concrete LACT scheme that is provably secure. The proposed scheme offers fine-grained access control over outsourced data, by which the data owner can specify an access policy to ensure that the data is only accessible to the users meeting the policy. In case of suspectable illegal access to outsourced data with leaked credentials, a tracing procedure can be invoked to tracing in a black-box manner at least one of the users who leaked their access credentials. The tracing procedure can run without the cloud service provider being disturbed. Analysis shows that the introduction of tracing access credential leakage incurs little additional cost to either data outsourcing or access procedure.",

keywords = "access control, access credential leakage, cloud storage, data privacy, digital forensics",

author = "Hua Deng and Qianhong Wu and Bo Qin and Jian Mao and Xiao Liu and Lei Zhang and Wenchang Shi",

year = "2014",

doi = "10.1007/978-3-319-11203-9\_21",

language = "英语",

isbn = "9783319112022",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

number = "PART 1",

pages = "362--379",

booktitle = "Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings",

address = "德国",

edition = "PART 1",

note = "19th European Symposium on Research in Computer Security, ESORICS 2014 ; Conference date: 07-09-2014 Through 11-09-2014",

}

Deng, H, Wu, Q, Qin, B, Mao, J, Liu, X, Zhang, L & Shi, W 2014, Who is touching my cloud. in Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings. PART 1 edn, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), no. PART 1, vol. 8712 LNCS, Springer Verlag, pp. 362-379, 19th European Symposium on Research in Computer Security, ESORICS 2014, Wroclaw, Poland, 7/09/14. https://doi.org/10.1007/978-3-319-11203-9_21

Who is touching my cloud. / Deng, Hua; Wu, Qianhong; Qin, Bo et al.
Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings. PART 1. ed. Springer Verlag, 2014. p. 362-379 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8712 LNCS, No. PART 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Who is touching my cloud

AU - Deng, Hua

AU - Wu, Qianhong

AU - Qin, Bo

AU - Mao, Jian

AU - Liu, Xiao

AU - Zhang, Lei

AU - Shi, Wenchang

PY - 2014

Y1 - 2014

N2 - Advanced access controls have been proposed to secure sensitive data maintained by a third party. A subtle issue in such systems is that some access credentials may be leaked due to various reasons, which could severely damage data security. In this paper, we investigate leakage tracing enabled access control over outsourced data, so that one can revoke the suspected leaked credentials or prepare judicial evidences for legal procedure if necessary. Specifically, we propose a leaked access credential tracing (LACT) framework to secure data outsourced to clouds and formalize its security model. Following the framework, we construct a concrete LACT scheme that is provably secure. The proposed scheme offers fine-grained access control over outsourced data, by which the data owner can specify an access policy to ensure that the data is only accessible to the users meeting the policy. In case of suspectable illegal access to outsourced data with leaked credentials, a tracing procedure can be invoked to tracing in a black-box manner at least one of the users who leaked their access credentials. The tracing procedure can run without the cloud service provider being disturbed. Analysis shows that the introduction of tracing access credential leakage incurs little additional cost to either data outsourcing or access procedure.

AB - Advanced access controls have been proposed to secure sensitive data maintained by a third party. A subtle issue in such systems is that some access credentials may be leaked due to various reasons, which could severely damage data security. In this paper, we investigate leakage tracing enabled access control over outsourced data, so that one can revoke the suspected leaked credentials or prepare judicial evidences for legal procedure if necessary. Specifically, we propose a leaked access credential tracing (LACT) framework to secure data outsourced to clouds and formalize its security model. Following the framework, we construct a concrete LACT scheme that is provably secure. The proposed scheme offers fine-grained access control over outsourced data, by which the data owner can specify an access policy to ensure that the data is only accessible to the users meeting the policy. In case of suspectable illegal access to outsourced data with leaked credentials, a tracing procedure can be invoked to tracing in a black-box manner at least one of the users who leaked their access credentials. The tracing procedure can run without the cloud service provider being disturbed. Analysis shows that the introduction of tracing access credential leakage incurs little additional cost to either data outsourcing or access procedure.

KW - access control

KW - access credential leakage

KW - cloud storage

KW - data privacy

KW - digital forensics

UR - https://www.scopus.com/pages/publications/84906504763

U2 - 10.1007/978-3-319-11203-9_21

DO - 10.1007/978-3-319-11203-9_21

M3 - 会议稿件

AN - SCOPUS:84906504763

SN - 9783319112022

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 362

EP - 379

BT - Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings

PB - Springer Verlag

T2 - 19th European Symposium on Research in Computer Security, ESORICS 2014

Y2 - 7 September 2014 through 11 September 2014

ER -

Deng H, Wu Q, Qin B, Mao J, Liu X, Zhang L et al. Who is touching my cloud. In Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings. PART 1 ed. Springer Verlag. 2014. p. 362-379. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 1). doi: 10.1007/978-3-319-11203-9_21

Who is touching my cloud

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this