Privacy aware access control for data sharing in cloud computing environments

In cloud computing environments, data protection is usually limited to access control policies that are enforced by cloud service providers (CSPs). However, there are many cases where the CSPs are not trusted and pose a risk to their users' privacy. Several approaches have been proposed to prevent CSPs from accessing the data where the cryptographic mechanisms are used to enforce access control policies. However, most of these approaches incur a huge communication overhead, involve users in a complex and expensive key management process and are burdensome for users. In this paper, we propose a privacy aware access control system for data sharing that provides two levels of protection for user's data stored on a CSP. The users' data is protected from unauthorized users using a CSP-enforced access control mechanism, while protection from the CSP is achieved through multiple layers of commutative encryption with the help of a third-party service provider. We present the proposed framework and describe its components and various cryptographic operations. Furthermore, we provide a security analysis to discuss potential threats against the proposed system and provide some solutions for those threats.