SaTC: CORE: Medium: Collaborative: Scalable Dynamic Access Control for Untrusted Cloud Environments

SaTC：核心：中：协作：不受信任的云环境的可扩展动态访问控制

• 批准号: 1703853
• 负责人: Apu Kapadia
• 金额: $ 27.48万
• 依托单位: Indiana University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-09-01 至 2022-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1703853&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Collaborative; Scalable

When users store their data in the cloud, they take many privacy risks: Will the cloud storage provider allow others to see that data? If the user sets sharing rules for the data, will the cloud storage system follow those rules? Recent news stories of user data exfiltration from cloud storage systems show that users have reason for concern. Encrypting files before storing them in the cloud would provide strong protection, but this approach makes it very difficult for users to share data with others and to change their sharing policies. This project is exploring techniques to cryptographically protect user files in cloud-based storage systems, while supporting advanced, dynamic sharing policies.While cryptographically protecting data under a static access control policy is well documented in the literature, existing constructions either do not efficiently support dynamic policies (e.g., changes to role/attribute assignments) or make heavy trust assumptions to support this dynamism. This project is (1) developing an open-source platform for prototyping, analyzing, and deploying dynamic access control enforcement solutions for untrusted environments; (2) creating cryptographic constructions that are capable of securely implementing popular role- and attribute-based access control models on untrusted storage platforms while supporting dynamic policy and data updates; (3) designing efficient, trusted hardware-assisted, cloud-scale implementations of popular access control models supporting dynamic policy and data updates in a variety of deployment scenarios; and (4) a carrying out a comprehensive evaluation that explores the trade-offs in trust between these cryptographically- and hardware-enforced approaches and examines the cryptographic, computational, and communication costs of the proposed constructions under a variety of real-world workloads.

当用户将数据存储在云中时，他们会承担许多隐私风险：云存储提供商是否会允许其他人查看这些数据？如果用户为数据设置了共享规则，云存储系统是否会遵循这些规则？最近关于用户数据从云存储系统中泄露的新闻报道表明，用户有理由担心。 在将文件存储到云中之前对其进行加密可以提供强大的保护，但这种方法使得用户很难与他人共享数据并更改其共享策略。该项目正在探索在基于云的存储系统中加密保护用户文件的技术，同时支持高级动态共享策略。虽然在静态访问控制策略下加密保护数据在文献中有很好的记载，但现有的构造要么不能有效地支持动态策略（例如，角色/属性分配的改变）或做出重信任假设来支持这种动态。 该项目是（1）开发一个开源平台，用于原型设计，分析和部署不可信环境的动态访问控制实施解决方案;（2）创建能够在不可信存储平台上安全地实现流行的基于角色和属性的访问控制模型的加密结构，同时支持动态策略和数据更新;（3）为流行的访问控制模型设计高效、可信的硬件辅助云规模实现，支持各种部署场景中的动态策略和数据更新;以及（4）进行全面评估，该评估探索这些加密和硬件强制方法之间的信任权衡，并检查加密，计算，和通信成本的各种现实世界的工作量下的建议的建设。

项目成果

Decaying Photos for Enhanced Privacy: User Perceptions Towards Temporal Redactions and 'Trusted' Platforms

• DOI: 10.1145/3555538
• 发表时间: 2022-11
• 期刊: Proceedings of the ACM on Human-Computer Interaction
• 作者: Sabid Bin Habib Pias;Imtiaz Ahmad;T. Akter;Apu Kapadia;Adam J. Lee

Practical Revocation and Key Rotation

• DOI: 10.1007/978-3-319-76953-0_9
• 发表时间: 2018-04
• 作者: Steven Myers;Adam Shull