Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment

Stefano Berlato, Stefano Berlato, Roberto Carbone, Silvio Ranise, Silvio Ranise

2021

Abstract

While organisations move their infrastructure to the cloud, honest but curious Cloud Service Providers (CSPs) threaten the confidentiality of cloud-hosted data. In this context, many researchers proposed Cryptographic Access Control (CAC) schemes to support data sharing among users while preventing CSPs from accessing sensitive data. However, the majority of these schemes focuses on high-level features only and cannot adapt to the multiple requirements arising in different scenarios. Moreover, (almost) no CAC scheme implementation is available for enforcement of authorisation policies in the cloud, and performance evaluation is often overlooked. To fill this gap, we propose the toolchain COERCIVE, short for CryptOgraphy killEd (the honest but) cuRious Cloud servIce proVidEr, which is composed of two tools: TradeOffBoard and CryptoAC. TradeOffBoard assists organisations in identifying the optimal CAC architecture for their scenario. CryptoAC enforces authorisation policies in the cloud by deploying the architecture selected with TradeOffBoard. In this paper, we describe the implementation of CryptoAC and conduct a thorough performance evaluation to demonstrate its scalability and efficiency with synthetic benchmarks.

Download


Paper Citation


in Harvard Style

Berlato S., Carbone R. and Ranise S. (2021). Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 370-381. DOI: 10.5220/0010608003700381


in Bibtex Style

@conference{secrypt21,
author={Stefano Berlato and Roberto Carbone and Silvio Ranise},
title={Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT,},
year={2021},
pages={370-381},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010608003700381},
isbn={978-989-758-524-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT,
TI - Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment
SN - 978-989-758-524-1
AU - Berlato S.
AU - Carbone R.
AU - Ranise S.
PY - 2021
SP - 370
EP - 381
DO - 10.5220/0010608003700381