Enforcing Access Control to Cloud With Preserved Users Privacy

Access Control Policies defines the user roles and their access rights to the confidential data. Finegrained access control on confidential data hosted in the cloud are based on fine-grained encryption of the data in which data owners are in charge of encrypting the data before uploading them to the cloud and re-encrypting the data whenever user credentials change. When data owners perform the re-encryption they incur high communication and computation costs. To reduce the overhead at data owner, delegate the enforcement of access control to cloud, while assuring data confidentiality from the cloud. In order to delegate access control to cloud, an approach of two layers of encryption is proposed, in which the data owner performs a lower level encryption; whereas the cloud performs a higher level encryption. Using Policy Decomposition algorithm, decompose the ACP between the owner and cloud to perform the two layers of encryption. With TLE, the system guarantees the confidentiality of the data from cloud and preserves the privacy of users from the cloud while delegating most of the access control enforcement to the cloud.