Secure Overlay Cloud Storage with Access Control and Assured Deletion
- 3 July 2012
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Transactions on Dependable and Secure Computing
- Vol. 9 (6), 903-916
- https://doi.org/10.1109/tdsc.2012.49
Abstract
We can now outsource data backups off-site to third-party cloud storage services so as to reduce data management costs. However, we must provide security guarantees for the outsourced data, which is now maintained by third parties. We design and implement FADE, a secure overlay cloud storage system that achieves fine-grained, policy-based access control and file assured deletion. It associates outsourced files with file access policies, and assuredly deletes files to make them unrecoverable to anyone upon revocations of file access policies. To achieve such security goals, FADE is built upon a set of cryptographic key operations that are self-maintained by a quorum of key managers that are independent of third-party clouds. In particular, FADE acts as an overlay system that works seamlessly atop today's cloud storage services. We implement a proof-of-concept prototype of FADE atop Amazon S3, one of today's cloud storage services. We conduct extensive empirical studies, and demonstrate that FADE provides security protection for outsourced data, while introducing only minimal performance and monetary cost overhead. Our work provides insights of how to incorporate value-added security features into today's cloud storage services.
This publication has 20 references indexed in Scilit:
- A Secure Cloud Backup System with Assured Deletion and Version Control. Published by Institute of Electrical and Electronics Engineers (IEEE), 2011
- A view of cloud computing. Communications of the ACM, 2010
- Cryptographic Cloud Storage. Lecture Notes in Computer Science, 2010
- FADE: Secure Overlay Cloud Storage with File Assured Deletion. Published by Springer Science and Business Media LLC, 2010
- Cumulus. ACM Transactions on Storage, 2009
- Identity-based encryption with efficient revocation. Published by Association for Computing Machinery (ACM), 2008
- A Hybrid PKI-IBC Based Ephemerizer System. IFIP International Federation for Information Processing, 2007
- Secure attribute-based systems. Published by Association for Computing Machinery (ACM), 2006
- Attribute-based encryption for fine-grained access control of encrypted data. Published by Association for Computing Machinery (ACM), 2006
- How to share a secret. Communications of the ACM, 1979