Secure administration of cryptographic role-based access control for large-scale cloud storage systems

• A new cryptographic administrative RBAC model AdC-RBAC for cloud data storage.
• Administrative tasks only allowed to be performed by authorised roles.
• A new Role-based Encryption (RBE) Scheme that works with the AdC-RBAC model.
• Enforcement of Role based access policies for secure data storage in the cloud.
• Protection of data security in large-scale cloud systems.

Cloud systems provide significant benefits by allowing users to store massive amount of data on demand in a cost-effective manner. Role-based access control (RBAC) is a well-known access control model which can be used to protect the security of cloud data storage. Although cryptographic RBAC schemes have been developed recently to secure data outsourcing, these schemes assume the existence of a trusted administrator managing all the users and roles, which is not realistic in large-scale systems. In this paper, we introduce a cryptographic administrative model AdC-RBAC for managing and enforcing access policies for cryptographic RBAC schemes. The AdC-RBAC model uses cryptographic techniques to ensure that the administrative tasks are performed only by authorised administrative roles. Then we propose a role-based encryption (RBE) scheme and show how the AdC-RBAC model decentralises the administrative tasks in the RBE scheme thereby making it practical for security policy management in large-scale cloud systems.