Cloud storage is an important service of cloud computing, which offers service for data owners to host their data in the cloud. This new paradigm of data hosting and data access services introduces two major security concerns. The first is the protection of data integrity. Data owners may not fully trust the cloud server and worry that data stored in the cloud could be corrupted or even removed. The second is data access control. Data owners may worry that some dishonest servers provide data access to users that are not permitted for profit gain and thus they can no longer rely on the servers for access control.
To protect the data integrity in the cloud, an efficient and secure dynamic auditing protocol is introduced, which can support dynamic auditing and batch auditing. To ensure the data security in the cloud, two efficient and secure data access control schemes are introduced in this brief: ABAC for Single-authority Systems and DAC-MACS for Multi-authority Systems. While Ciphertext-Policy Attribute-based Encryption (CP-ABE) is a promising technique for access control of encrypted data, the existing schemes cannot be directly applied to data access control for cloud storage systems because of the attribute revocation problem. To solve the attribute revocation problem, new Revocable CP-ABE methods are proposed in both ABAC and DAC-MACS.
