Achieving fine-grained access control and mitigating role explosion by utilising ABE with RBAC

Abstract

Cloud systems can store a vast amount of sensitive data whose access must be well regulated. A good access control policy ensures the security of this data while providing high flexibility in terms of access management. In this paper, we introduce access control architecture to mitigate the issue of role-explosion in RBAC and achieve a high degree of fine-grained access control by following an attribute-based encryption scheme with RBAC. In our model, we propose a user-tree with a hierarchical structure composed of groups and sub-groups to which a user will be assigned. These sub-groups will have their own sets of attributes as well as common inherited attributes. A user assigned to a specific sub-group will receive a key with the specific attributes of the sub-group as well as the inherited attributes.