Ensuring Security, Confidentiality and Fine-Grained Data Access Control of Cloud Data Storage Implementation Environment

DOI: 10.4236/jis.2015.62013


With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of the Cloud Data Storage (CDS) environment, we propose a Multi-Agent System (MAS) architecture. This architecture consists of two agents: the Cloud Service Provider Agent (CSPA) and the Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates access to the services offered by the system. CDConA provides each cloud user with the definition and enforcement of an expressive and flexible access structure, expressed as a logic formula over cloud data file attributes. This new access control is named Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC, based on the MAS architecture, consists of four layers: the interface layer, the existing access control layer, the proposed FCDAC layer and the CDS layer, as well as four types of entities: Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC is an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results, in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system, measured by the time required for an agent to travel around different numbers of cloud users before and after implementing FCDAC.

Share and Cite:

Talib, A. (2015) Ensuring Security, Confidentiality and Fine-Grained Data Access Control of Cloud Data Storage Implementation Environment. Journal of Information Security, 6, 118-130. doi: 10.4236/jis.2015.62013.

Conflicts of Interest

The authors declare no conflicts of interest.




Copyright © 2020 by authors and Scientific Research Publishing Inc.


This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.