Shared Ownership allows joint access control decisions on collaboratively created cloud data. In our work, we present an instantiation of shared ownership that is more efficient than previous work and allows fair accounting through blockchains.
Access Control & Policy Enforcement
Access control is essential in protecting storage privacy. Customers must be able to trust that the cloud service lets only authorized parties access their data. More sophisticated access control mechanisms enable additional or improved use cases for cloud storage. Additional policy enforcement solutions such as secure deletion give customers tighter control over their data, enhance their storage privacy, and can be essential for complying with business regulations.
The primitive provides secure deletion on honest-but-curious cloud storage. Clients can therefore store all their files in the cloud as usual and still achieve secure deletion, which cannot otherwise be guaranteed. The solution is based on encryption.
The aim of the primitive is to provide an enforcement component for distributed attribute-based access control (ABAC) policies. In the context of a multi-tenant cloud infrastructure, it ensures that authorized users always get access to the selected cloud resource (either data or service), while access is refused to malicious parties.