Collaborative access control of cloud storage systems

摘要

Recently, cloud storage systems have become a popular means of data storage and sharing in a wide spectrum of application scenarios, especially in cloud computing systems. Although the present implementations of cloud storage systems such as Google Drive or HackMD offer the functionality to let multiple users edit the same documents at the same time, some issues on access controls might emerge. First, the existing access control policies allow the reads or writes of a file or directory if the corresponding access privileges are granted, in an all-or-nothing basis, and finer-grained controls are not realized. Then, the privileges to read or write a file are not completely orthogonal, thus the access controls for reads and writes should be asymmetric. In particular, a user that are granted to write a file cannot be always guaranteed to be able to read the same file, and vice versa. Last but not least, to avoid any intended or careless sabotage of any single user on critical files, multiple users must be able to collaboratively control the accesses to a file. Unfortunately, while the collaborative access control of files on cloud storage systems has been extensively studied, more sophisticated access control policies based on sets of users - referred to as manager groups in this work - still remain an unanswered problem, which motivates this work. In this work, we propose a collaborative access control strategy based on manager groups, which allow multiple groups to be connected in series or in parallel to further enhance the flexibility of access control of files on the cloud. In addition, we also considered several key implementation issues such as the performance of management, as well as the overheads for file encryption.