An Extended CP-ABE based Access Control Model for Data Outsourced in the Cloud

This paper proposes an access control scheme called Collaborative Ciphertext-Policy Attribute Role Based Encryption (C-CP-ARBE). Our C-CP-ARBE integrates Role-based Access Control (RBAC) into a Ciphertext-Policy Attribute-based Encryption (CP-ABE). The proposed model provides high expressiveness of access control policy, scalable user management, and less user revocation cost compared to the existing approach. In addition, our model supports both read and write access control in a more complex data sharing in collaborative cloud storage where there are multi-owner, multi-user, and multi-authority. For the evaluation, we develop the access control tool and set up test cases to validate the functionality of our proposed scheme. We also conduct the performance evaluation and compare the revocation cost of our C-CP-ARBE and CP-ABE scheme to demonstrate that our revocation method incurs less computation cost and efficient in practice for supporting a larger scale of users.