Detection of access control violations in the secure sharing of cloud storage

Abstract : A cloud storage service implements security mechanisms to protect users' data, including an access control mechanism that enables data sharing. Thus, it is possible to define user permissions, granting access only to authorized users. Existing solutions assume that the provider is honest but curious, so the designed mechanisms prevent the provider from accessing the files. However, the possibility of executing illegal transactions is not analyzed, and a malicious provider can perform transactions requested by unauthorized users, resulting in access control violations. In this paper, we propose monitoring and auditing mechanisms to detect these violations. As a result, new attacks are identified, especially those resulting from write actions requested by users whose permissions were revoked. Colored Petri Nets (CPNs) are used to model and validate our proposal.
Document type : Conference papers

https://hal.archives-ouvertes.fr/hal-01830866
Contributor : Frédéric Davesne
Submitted on : Thursday, July 5, 2018 - 2:03:51 PM
Last modification on : Monday, October 28, 2019 - 10:50:22 AM

Identifiers

  • HAL Id : hal-01830866, version 1

Citation

Carlos André Batista De Carvalho, Rossana Maria de Castro Andrade, Nazim Agoulmine, Miguel Franklin de Castro. Detection of access control violations in the secure sharing of cloud storage. 8th International Conference on Cloud Computing and Services Science (CLOSER 2018), Mar 2018, Funchal, Portugal. pp. 124-135. ⟨hal-01830866⟩
