A cryptographic file system for UNIX
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Role-Based Access Control Models
Computer
Iolus: a framework for scalable secure multicasting
SIGCOMM '97 Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication
Secure group communications using key graphs
IEEE/ACM Transactions on Networking (TON)
Wide-area cooperative storage with CFS
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Generalized Secret Sharing and Monotone Functions
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
The Design and Implementation of a Transparent Cryptographic File System for UNIX
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
StegFS: A Steganographic File System for Linux
IH '99 Proceedings of the Third International Workshop on Information Hiding
Cryptographic access control in a distributed file system
Proceedings of the eighth ACM symposium on Access control models and technologies
Providing Database as a Service
ICDE '02 Proceedings of the 18th International Conference on Data Engineering
ELK, a New Protocol for Efficient Large-Group Key Distribution
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Farsite: federated, available, and reliable storage for an incompletely trusted environment
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Secure distribution of events in content-based publish subscribe systems
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Efficient communication-storage tradeoffs for multicast encryption
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
PBES: a policy based encryption system with application to data sharing in the power grid
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Hi-index | 0.00 |
Advances in networking technologies have triggered the “storage as a service” (SAS) model. The SAS model allows content providers to leverage hardware and software solutions provided by the storage service providers (SSPs), without having to develop them on their own, thereby freeing them to concentrate on their core business. The SAS model is faced with at least two important security issues: (i) How to maintain the confidentiality and integrity of files stored at the SSPs? (ii) How to efficiently support flexible access control policies on the file system? The former problem is handled using a cryptographic file system, while the later problem is largely unexplored. In this paper, we propose secure, efficient and scalable key management algorithms to support monotone access structures on large file systems. We use key derivation algorithms to ensure that a user who is authorized to access a file, can efficiently derive the file's encryption key. However, it is computationally infeasible for a user to guess the encryption keys for those files that she is not authorized to access. We present concrete algorithms to efficiently and scaleably support a discretionary access control model (DAC) and handle dynamic access control updates & revocations. We also present a prototype implementation of our proposal on a distributed file system. A trace driven evaluation of our prototype shows that our algorithms meet the security requirements while incurring a low performance overhead on the file system.