Commune: Shared ownership in an agnostic cloud

Claudio Soriente, Ghassan O. Karame, Hubert Ritzdorf, Srdjan Marinovic, Srdjan Capkun

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

    Abstract

    Cloud storage platforms promise a convenient way for users to share files and engage in collaborations, yet they require all files to have a single owner who unilaterally makes access control decisions. Existing clouds are, thus, agnostic to shared ownership. This can be a significant limitation in many collaborations because, for example, one owner can delete files and revoke access without consulting the other collaborators. In this paper, we first formally define a notion of shared ownership within a file access control model. We then propose a solution, called Commune, to the problem of distributed enforcement of shared ownership in agnostic clouds, so that access grants require the support of an agreed threshold of owners. Commune can be used in existing clouds without modifications to the platforms. We analyze the security of our solution and evaluate its performance through an implementation integrated with Amazon S3.

    Original language: English
    Title of host publication: SACMAT 2015 - Proceedings of the 20th ACM Symposium on Access Control Models and Technologies
    Publisher: Association for Computing Machinery
    Pages: 39-50
    Number of pages: 12
    Volume: 2015-June
    ISBN (Electronic): 9781450335560
    Publication status: Published - 1 Jun 2015
    Event: 20th ACM Symposium on Access Control Models and Technologies, SACMAT 2015 - Vienna, Austria
    Duration: 1 Jun 2015 to 3 Jun 2015

    Other

    Other: 20th ACM Symposium on Access Control Models and Technologies, SACMAT 2015
    Country/Territory: Austria
    City: Vienna
    Period: 1/06/15 to 3/06/15

    Keywords

    • Cloud security
    • Distributed enforcement
    • Shared ownership
