Abstract
Cloud storage platforms promise a convenient way for users to share files and engage in collaborations, yet they require all files to have a single owner who unilaterally makes access control decisions. Existing clouds are, thus, agnostic to shared ownership. This can be a significant limitation in many collaborations because, for example, one owner can delete files and revoke access without consulting the other collaborators. In this paper, we first formally define a notion of shared ownership within a file access control model. We then propose a solution, called Commune, to the problem of distributed enforcement of shared ownership in agnostic clouds, so that access grants require the support of an agreed threshold of owners. Commune can be used in existing clouds without modifications to the platforms. We analyze the security of our solution and evaluate its performance through an implementation integrated with Amazon S3.
Original language | English |
---|---|
Title of host publication | SACMAT 2015 - Proceedings of the 20th ACM Symposium on Access Control Models and Technologies |
Publisher | Association for Computing Machinery |
Pages | 39-50 |
Number of pages | 12 |
Volume | 2015-June |
ISBN (Electronic) | 9781450335560 |
DOIs | |
Publication status | Published - 1 Jun 2015 |
Event | 20th ACM Symposium on Access Control Models and Technologies, SACMAT 2015 - Vienna, Austria Duration: 1 Jun 2015 → 3 Jun 2015 |
Other
Other | 20th ACM Symposium on Access Control Models and Technologies, SACMAT 2015 |
---|---|
Country/Territory | Austria |
City | Vienna |
Period | 1/06/15 → 3/06/15 |
Keywords
- Cloud security
- Distributed enforcement
- Shared ownership