CryptCloud+: Secure and Expressive Data Access Control for Cloud Storage
IEEE Transactions on Services Computing (IF 5.5), Pub Date: 2019-01-01, DOI: 10.1109/tsc.2018.2791538
Jianting Ning, Zhenfu Cao, Xiaolei Dong, Kaitai Liang, Lifei Wei, Kim-Kwang Raymond Choo

Secure cloud storage, an emerging cloud service, guarantees the confidentiality of outsourced data while providing flexible data access control for cloud users whose data are out of their physical control. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is one of the promising secure mechanisms to support fine-grained access control on encrypted data in cloud settings. However, due to its inherent "all-or-nothing" decryption control characteristic, there is a risk for the misuse of access credentials. In this paper, we consider the two main types of access credential misuse, namely: semi-trusted authority's illegal access credential (re-)distribution, and cloud user's illegal access credential leakage. To mitigate these two types of access credential misuse, we propose the first accountable authority revokable CP-ABE based cloud storage system with white-box traceability and auditing, referred to as CryptCloud+. We also prove the security of our system and present the experimental results to demonstrate the utility of our system.

Updated: 2019-01-01