An access control model supporting periodicity constraints and temporal reasoning
ACM Transactions on Database Systems (TODS)
Cryptographic solution to a problem of access control in a hierarchy
ACM Transactions on Computer Systems (TOCS)
A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy
IEEE Transactions on Knowledge and Data Engineering
Dynamic and efficient key management for access hierarchies
Proceedings of the 12th ACM conference on Computer and communications security
A data outsourcing architecture combining cryptography and access control
Proceedings of the 2007 ACM workshop on Computer security architecture
Secure and efficient access to outsourced data
Proceedings of the 2009 ACM workshop on Cloud computing security
An efficient key assignment scheme for access control in a hierarchy
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Secured cloud storage scheme using ECC based key management in user hierarchy
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Enforcing subscription-based authorization policies in cloud scenarios
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
In time-bound access control, access to system resources by authorized users is limited to specific time periods. In 2012, Vimercati, Foresti, Jajodia and Livraga proposed a scheme for time-bound access control to outsourced data in the cloud using a hierarchical key derivation structure. We show that their scheme has a security flaw: a user, after access right revocation, can still access the resources associated with his revoked subscription interval. There is a scheme by Wang, Li, Owens and Bhargava for efficient revocation in the data outsourcing scenario. The main advantage of their scheme is that it does not require data block re-encryption and updates when any user's access right changes. Its disadvantage is that any change in the access right of a single user requires the data owner to recompute and distribute access certificates to all the users who require further data access. To mitigate the security flaw of Vimercati et al.'s scheme, we present a solution based on the data access mechanism proposed by Wang et al. such that any user's access right revocation is independent of other users' data access. Our solution removes their drawback without sacrificing other desirable properties of the original scheme.