Survey on Access Control Delegation to Protect and Maintain Privacy of Cloud Data

Conventional access control models often assume that the entity enforcing access control policies is also the owner of the data. This assumption is no longer holds as it forces the data owner to do a lot of computations as the third party such as cloud only provide facilities for data storage, where the approaches to enforce fine grained access control on confidential data hosted in the cloud are based on fine grained encryption of data. Under these models the owner of data is force to perform the fine grained encryption of data before uploading on the cloud and once user dynamics or credentials change the data owner must re-encrypt the data. Data owners thus incur high computational and communication costs. We propose a better approach should delegate the enforcement of fine- grained access control to the cloud, so to minimize the overheads at the data owner, while assuring data confidentiality from the cloud. The proposed approach that can well delegate the enforcement of access control is based on two layer of encryption, where the data owner performs course-grained encryption and the clouds perform fine grained encryption on top of the owner encrypted data. The main challenging issue is how access control policies (ACPs) can be decomposed such that the two layers of encryption perform well as required. For this case some novel optimization algorithms are proposed to help solve such a problem. Also an efficient group key management scheme is utilized to support expressive access control policies. Our system assures confidentiality, integrity of data and preserves the privacy of the end user from the cloud while delegating most of the access control enforcement to the cloud.