Integrating Trust with Cryptographic Role-based Access Control for Secure Cloud Data Storage

There has been a recent trend in storing data in cloud due to the increasing amount of users' data and associated benefits such as on-demand access and scalability. Role-based access control (RBAC) provides a flexible way for data owners to manage and share their data in cloud. To enforce the access control policies in the cloud, cryptographic RBAC schemes have been developed, which combine cryptographic techniques and access control to protect the privacy of the data in an outsourced environment. Using these cryptographic schemes, the owner of data can encrypt the data in such a way that only the users with appropriate roles as specified by a role-based access control policy can decrypt and view the data. However these cryptographic approaches do not address the issues of trust when enforcing the access policies. The issue of trust is critical in cloud storage systems; the stored data in the cloud is secure under the assumptions that roles are properly administered by trusted authorities, roles manage the user membership in a trusted manner and qualified users also behave in a trusted manner. In this paper, we propose a trust model to reason about and improve the security for stored data in cloud storage systems that use cryptographic RBAC schemes. The trust model provides an approach for the owners to determine the trustworthiness of individual roles in the RBAC system. The data owners can use the trust models to decide whether to store their encrypted data in the cloud for a particular role. The proposed trust model takes into account role inheritance and hierarchy in the evaluation of trustworthiness of roles. In addition, we present a design of a trust-based cloud storage system which shows how the trust model can be integrated into a system that uses cryptographic RBAC schemes. We have also described the relevance of the proposed trust model by considering practical application scenarios and illustrated how the trust evaluations can be used to reduce the risks and enhance the quality of decision making by data owners of cloud storage service.