Privacy Preserving User Centric Policy Management Framework for Cloud Computing Environments

Hassan Takabi
University of Pittsburgh

Date and Location: Wednesday, March 13th, 2013, 10:00am - 11:00am @ Stuart Building, Room 113.


In order to protect data in cloud computing environments, users must use diverse access control solutions available for each cloud service provider (CSP). Consequently, access control policies may be composed in incompatible ways because of diverse policy languages that are maintained separately at every CSP. Heterogeneity and distribution of these policies pose problems in their administration. Furthermore, although access control mechanisms are a vital component to protect data from unauthorized users, there are many cases where the CSPs are not trusted and pose a risk to their users' privacy.

We introduce a privacy preserving user centric policy management framework that is designed to give users a unified control point for managing policies that control access to their data no matter where the data is stored. It also uses cryptographic mechanisms to prevent CSPs from accessing the data. Our proposed approach provides two levels of protection for user's data stored on a CSP. The users' data is protected from unauthorized users using a CSP-enforced access control mechanism, while protection from the CSP is achieved through multiple layers of commutative encryption with the help of a third-party service provider.

We present lessons we learned from a case study where we implemented a unified policy management system for various cloud services. Based on those lessons and motivated by limitations of existing approaches, we propose a semantic-based policy management framework that is designed to help cloud users to specify and manage security policies using semantic web technologies. Then, we describe how to utilize commutative encryption to preserve privacy of users when they store their data on untrusted CSPs. Finally, we explain a proof of concept implementation of the proposed framework to show its applicability and report results of the experiments we performed to evaluate performance of the framework.


Hassan Takabi is a doctoral candidate in the school of Information Sciences at the University of Pittsburgh where he has been a member of the Laboratory of Education and Research on Security Assured Information Systems (LERSAIS) since 2008. Before joining the University of Pittsburgh, he was with the E-Security Research Centre at the London South Bank University where he received Overseas Research Students Awards Scheme (ORSAS) award from UK's Secretary of State for Education and Science. His research interests include Cybersecurity and Information Assurance, Security, Privacy, and Trust Issues in Cloud Computing Environments and Online Social Networks, Privacy and Web Security, Usable Privacy and Security. He has published more than 20 papers in peer-reviewed journals and international conferences, some of which won or been runner up for Best Paper Awards. Hassan has served as reviewer for several journals including IEEE Transactions on Information Forensics & Security, IEEE TDSC, IEEE TKDE, Journal of Computer Security, and international conferences such as SACMAT, ACSAC, WWW and CollaborateCom. He also served on organizing committee of IRI 2010, ACSAC 2012 and ACSAC 2013.