A Federated Framework for Fine-Grained Cloud Access Control for Intelligent Big Data Analytic by Service Providers

Abstract

This paper proposes a novel data-owner-driven privacy-aware cloud data acquisition framework for intelligent big data analytics for service providers and users. To realize this idea, we propose three main components. The first one is a new global identity provider concept to support fine-grained access control for a federated outsourcing cloud, namely called P-FIPS (Privacy-enhanced Federated Identity Provider System), in which data owners perform identity access control with the operator of the federated outsourcing cloud so that the service providers can selectively use their encrypted data on the cloud for various purpose such as intelligent big data analytics. In P-FIPS, data owners manage the access privilege of service providers over their encrypted data on the cloud by (a) labeling the scope of use (e.g., user connection, user disconnection, user tracking) on each encrypted data on the cloud, and (b) by selectively providing the information regarding the data owners to the service provider. The label also includes the attributes related to the data owner's identity, and this allows service providers to locate the target data with the assist of cryptographic computation according to the scope of the use at the cloud outsourcing server. The second one is a new ambiguous data acquisition mechanism integrated with P-FIPS from a cloud to a service provider. The last one is the Decentralized Audit and Ordering (DAO) Chain mechanism which provides the correctness of obtained data to the service provider as well as ensures the owners that their data is being used for the approved purpose only. Most importantly, we show that our framework is much more efficient than the existing alternative in the scheme.