Cloud storage service allows data owner to host their data in the cloud and through which provide the data access to the users. Because the cloud server is not trustworthy in the cloud storage system, we cannot rely on the server to conduct data access control. To achieve data access control on untrusted servers, traditional methods usually require the data owner to encrypt the data and deliver decryption keys to authorized users. In these methods, however, the key management is very

more »

... and inefficient. In this paper, we design an access control framework in cloud storage systems and propose a fine-grained access control scheme based on Ciphertext-Policy Attribute-based Encryption (CP-ABE) approach. In our scheme, the data owner is in charge of defining and enforcing the access policy. We also propose an efficient attribute revocation method for CP-ABE systems, which can greatly reduce the attribute revocation cost. The analysis shows that our proposed access control scheme is efficient and provably secure in the random oracle model.