Semantically Rich, Oblivious Access Control Using ABAC for Secure Cloud Storage

Thumbnail Image

Files

845.pdf (707.95 KB)

Links to Files

https://ieeexplore.ieee.org/document/8029268

Permanent Link

10.1109/IEEE.EDGE.2017.27
 http://hdl.handle.net/11603/11601

Collections

UMBC Computer Science and Electrical Engineering Department
UMBC Faculty Collection
UMBC Information Systems Department
UMBC Student Collection

Author/Creator

Author/Creator ORCID

Date

2017-09-11

Type of Work

conference paper pre-print
Text

Department

Program

Citation of Original Publication

Maithilee Joshi, Karuna Joshi, Tim Finin, "Attribute Based Encryption for Secure Access to Cloud Based EHR Systems", Cloud Computing (CLOUD) 2018 IEEE 11th International Conference on, pp. 932-935, 2018, DOI: 10.1109/IEEE.EDGE.2017.27

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 20XX IEEE

Subjects

Access Control
Access Broker
Ontologies
Confidentiality Policy
Oblivious Storage
Cloud Computing
UMBC Ebiquity Research Group

Abstract

Securing their critical documents on the cloud from data threats is a major challenge faced by organizations today. Controlling and limiting access to such documents requires a robust and trustworthy access control mechanism. In this paper, we propose a semantically rich access control system that employs an access broker module to evaluate access decisions based on rules generated using the organizations confidentiality policies. The proposed system analyzes the multi-valued attributes of the user making the request and the requested document that is stored on a cloud service platform, before making an access decision. Furthermore, our system guarantees an end-to-end oblivious data transaction between the organization and the cloud service provider using oblivious storage techniques. Thus, an organization can use our system to secure their documents as well as obscure their access pattern details from an untrusted cloud service provider.