Attribute-based encryption (ABE) for cloud computing access control is reviewed in this article. A taxonomy and comprehensive assessment criteria of ABE are first proposed. In the taxonomy, ABE schemes are assorted into key-policy ABE (KP-ABE) schemes, ciphertext-policy ABE (CP-ABE) schemes, anti-quantum ABE schemes, and generic constructions. In accordance with cryptographically functional features, CP-ABE is further divided into nine subcategories with regard to basic functionality, revocation, accountability, policy hiding, policy updating, multi-authority, hierarchy, offline computation, and outsourced computation. In addition, a systematical methodology for discussing and comparing existing ABE schemes is proposed. For KP-ABE and each type of CP-ABE, the corresponding access control scenario is presented and explained by concrete examples. Specifically, the syntax of ABE is given followed by the adversarial model and security goals. ABE schemes are discussed according to the design strategies and special features and are compared in the light of the proposed assessment criteria with respect to security and performance. Compared to related state-of-the-art survey papers, this article not only provides a broader 12 categories of ABE schemes, but also makes a more comprehensive and holistic comparison. Finally, a number of open research challenges in ABE are pointed out.

中文翻译：

---

基于属性的云计算访问控制加密

本文回顾了用于云计算访问控制的基于属性的加密 (ABE)。首次提出了ABE的分类和综合评价标准。在分类学中，ABE 方案分为密钥策略 ABE（KP-ABE）方案、密文策略 ABE（CP-ABE）方案、反量子 ABE 方案和通用结构。根据密码学功能特征，CP-ABE进一步分为基本功能、撤销、问责、策略隐藏、策略更新、多权限、层次结构、离线计算和外包计算九个子类。此外，还提出了一种讨论和比较现有 ABE 方案的系统方法。针对KP-ABE和每种类型的CP-ABE，给出了相应的访问控制场景，并通过具体的例子进行了说明。具体来说，给出了 ABE 的语法，然后是对抗模型和安全目标。ABE 方案根据设计策略和特殊功能进行了讨论，并根据建议的评估标准在安全性和性能方面进行了比较。与相关的state-of-the-art调查论文相比，本文不仅提供了更广泛的12类ABE方案，而且进行了更全面和整体的比较。最后，指出了 ABE 中的一些开放研究挑战。与相关的state-of-the-art调查论文相比，本文不仅提供了更广泛的12类ABE方案，而且进行了更全面和整体的比较。最后，指出了 ABE 中的一些开放研究挑战。与相关的state-of-the-art调查论文相比，本文不仅提供了更广泛的12类ABE方案，而且进行了更全面和整体的比较。最后，指出了 ABE 中的一些开放研究挑战。