Cloud computing, as an emerging computing paradigm, enables users to tenuously store their data into a cloud so as to enjoy scalable services on-demand. Since this new computing technology requires users to entrust their valuable data to cloud benefactors, there have been increasing security and privacy concerns on outsourced data. In order to realize accessible, flexible, and fine-grained access control of outsourced data in cloud computing, in this paper we propose hierarchical attribute-set-based encryption (HASBE) by extending ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical structure of users. We show how HASBE extends the ASBE algorithm with a hierarchical structure to improve scalability and flexibility while at the same time inherits the feature of fine-grained access control of ASBE. We formally prove the security of the proposed scheme based on the security of the CP-ABE scheme and analyze its performance in terms of computational overhead. HASBE not only supports compound attributes due to flexible set combinations, but also achieves efficient user annulment because of multiple value assignments of attributes. We implement our scheme and show that it is both efficient and bendable in dealing with wide-ranging experiments

Cloud Computing and Emerging IT Platforms:Vision, Hype, and Reality for Delivering Computing as the 5th Utility

Amazon Elastic Compute Cloud (Amazon EC2) [Online]. Available:http://aws.amazon.com/ec2/

Amazon Web Services (AWS) [Online]. Available: https://s3.amazonaws.com/

R. Martin, “IBM brings cloud computing to earth with massive newdata centers,” InformationWeek Aug. 2008 [Online].Available: http://www.informationweek.com/news/hardware/data_centers/209901523

Google App Engine [Online]. Available: http://code.google.com/appengine/

D. E. Bell and L. J. LaPadula, Secure Computer Systems: Unified Exposition and Multics Interpretation The MITRE Corporation, Tech. Rep., 1976.

K. J. Biba, Integrity Considerations for Secure Computer SytemsThe MITRE Corporation, Tech. Rep., 1977.

H. Harney, A. Colgrove, and P. D. McDaniel, “Principles of policy in secure groups,” in Proc. NDSS, San Diego, CA, 2001.

P. D. McDaniel and A. Prakash, “Methods and limitations of security policy reconciliation,” in Proc. IEEE Symp. Security and Privacy, Berkeley, CA, 2002.

T. Yu and M. Winslett, “A unified scheme for resource protection in automated trust negotiation,” in Proc. IEEE Symp.Security and Privacy, Berkeley, CA, 2003.