Authors:
Soltani, Naeimeh (nsoltani@ce.sharif.edu), Department of Computer Engineering, Sharif University of Technology, Tehran, Iran; Jalili, Rasool (jalili@sharif.edu), Department of Computer Engineering, Sharif University of Technology, Tehran, Iran
Keywords:
Access Control, Outsourced Data, Role-Based Access Control
Persian abstract:
One of the security issues in the data outsourcing scenario is the enforcement of the data owner’s access control policies. This involves several challenges, namely the number of keys required to access authorized resources, efficient policy updating, write access control enforcement, user and data owner overhead, and preserving the confidentiality of data and policies. Most of the existing solutions address only some of these challenges, while imposing high overhead on both the data owner and users. Although policy management in the Role-Based Access Control (RBAC) model is easier and more efficient due to the role hierarchy and role inheritance, most of the existing solutions address only the enforcement of policies in the form of an access control matrix. In this paper, we propose an approach to enforce RBAC policies on encrypted data outsourced to a service provider (SP). We utilize the Chinese Remainder Theorem (CRT) for key management and role/permission assignment. Efficient user revocation, support for updates to the role hierarchy, availability of authorized resources to users of newly added roles, and enforcement of write access control policies as well as static separation of duties (SSD) are among the advantages of the proposed solution. In addition, the ciphertext size is linearly proportional to the plaintext size, regardless of the number of roles and users.