SeGoAC: A tree-based model for self-defined, proxy-enabled and group-oriented access control in mobile cloud computing

Designing an effective and secure group-oriented access control for mobile cloud storage services is an area of active research. For example, such schemes should provide user-friendly features that allow group members to be conveniently added or removed, privileges of group members to be assigned or revoked by authorized parties (e.g., group leaders), organizing of members into one or more sub-groups, forming of (multiple) hierarchical layers, etc. Specifically, privileges should be self-defined by group leaders, and access control can be carried out by group leaders as a proxy. In this paper, we propose a lightweight tree-based model designed to achieve self-defined, proxy-enabled and group-oriented access control (hereafter referred to as SeGoAC) for file storage access control in mobile cloud computing. SoGoAC is a flexible access control model that supports group access control, self-authorization and self-management iteratively, flexible self-defined accessing policies, user friendly features to grant and revoke privileges. We then demonstrate the utility of SeGoAC via extensive analysis.