Revocation and Tracing Schemes for Stateless Receivers
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Aurora: a new model and architecture for data stream management
The VLDB Journal — The International Journal on Very Large Data Bases
Characterizing the query behavior in peer-to-peer file sharing systems
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
XACML policy integration algorithms: not to be confused with XACML policy combination algorithms!
Proceedings of the eleventh ACM symposium on Access control models and technologies
Attribute-based encryption for fine-grained access control of encrypted data
Proceedings of the 13th ACM conference on Computer and communications security
Ciphertext-Policy Attribute-Based Encryption
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Enforcing access control over data streams
Proceedings of the 12th ACM symposium on Access control models and technologies
An algebra for fine-grained integration of XACML policies
Proceedings of the 14th ACM symposium on Access control models and technologies
Access control policy combining: theory meets practice
Proceedings of the 14th ACM symposium on Access control models and technologies
Specification and Analysis of Dynamic Authorisation Policies
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Specifying access control policies on data streams
DASFAA'07 Proceedings of the 12th international conference on Database systems for advanced applications
Achieving secure, scalable, and fine-grained data access control in cloud computing
INFOCOM'10 Proceedings of the 29th conference on Information communications
Airavat: security and privacy for MapReduce
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
Plutus: scalable secure file sharing on untrusted storage
FAST'03 Proceedings of the 2nd USENIX conference on File and storage technologies
Enabling security in cloud storage SLAs with CloudProof
USENIXATC'11 Proceedings of the 2011 USENIX conference on USENIX annual technical conference
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
EGC'05 Proceedings of the 2005 European conference on Advances in Grid Computing
Hi-index | 0.00 |
Sharing data from various sources and of diverse kinds, and fusing them together for sophisticated analytics and mash-up applications are emerging trends, and are prerequisites for realizing grand visions such as that of cyber-physical systems enabled smart cities. Cloud infrastructure can enable such data sharing both because it can scale easily to an arbitrary volume of data and computation needs on demand, as well as because of natural collocation of diverse such data sets within the infrastructure. However, in order to convince data owners that their data are well protected while being shared among cloud users, the cloud platform needs to provide flexible mechanisms for the users to express the constraints (access rules) subject to which the data should be shared, and likewise, enforce them effectively. We study a comprehensive set of practical scenarios where data sharing needs to be enforced by methods such as aggregation, windowed frame, value constrains, etc., and observe that existing basic access control mechanisms do not provide adequate flexibility to support effective data sharing in a secure and controlled manner. In this paper, we thus propose a framework for cloud that extends popular XACML model significantly by integrating flexible access control decisions and data access in a seamless fashion. We have prototyped the framework and deployed it on commercial cloud environment for experimental runs to test the efficacy of our approach and evaluate the performance of the implemented prototype.