• Version
• Download 10
• File Size 325.68 KB
• File Count 1
• Create Date 17 March 2026
• Last Updated 17 March 2026

Cryptcloud+: Secure and Expressive Data Access Control for Cloud Storage

Srijith v, Manogaran B

ABSTRACT:The rapid adoption of cloud computing has transformed the way data is stored, shared, and accessed across organizationsand individuals. Despite its scalability and cost efficiency, cloud storage introduces serious security and privacy challenges, particularly when sensitive data is outsourced to third-party cloud service providers. Traditional access control mechanisms often rely on the cloud provider’s trustworthiness, which may expose data to unauthorized access, insider threats, and data breaches. To address these concerns, CryptCloud+ is proposed as a secure and expressive data access control framework that enforces fine-grained authorization directly through cryptographic techniques. CryptCloud+ focuses on ensuring data confidentiality while enabling flexible and policy-driven access control over encrypted cloud data. The system leverages encryption-based access control, where data is encrypted before being uploaded to the cloud, and only authorized users possessing valid cryptographic credentials can decrypt and access the data. This approach eliminates the need to trust the cloud service provider, as all sensitive operations related to data access are handled at the client side. A key contribution of CryptCloud+ is its support for expressive access policies, allowing data owners to define complex rules based on user attributes such as roles, departments, access levels, or time constraints. These policies enable fine grained access control without requiring data owners to manage individual permissions manually. The framework ensures that users can access only the data they are authorized for, while unauthorized users, including cloud administrators, are unable to infer any meaningful information from the encrypted data. The proposed system is implemented using Python, taking advantage of its robust cryptographic libraries, simplicity, and integration capabilities. Python-based modules handle key generation, encryption, decryption, and policy enforcement, making the system modular and easy to extend. The implementation demonstrates how secure key management and attribute-based access enforcement can be achieved efficiently in a real-world cloud environment. CryptCloud+ also addresses scalability and performance concerns by minimizing computation overhead during data access. Encryption and decryption operations are optimized to ensure that system performance remains practical even as the number of users and data files increases. Experimental results indicate that the framework maintains strong security guarantees while providing acceptable response times for authorized users. In addition to security, the system enhances usability by allowing seamless data sharing among multiple users without re encrypting data for each individual. This significantly reduces management complexity for data owners while preserving strict access control policies. The system design ensures compatibility with existing cloud storage services, making itadaptable to various deployment scenarios. Overall, CryptCloud+ presents a secure, flexible, and effiient solution for cloud data access control. By combining cryptographic enforcement with expressive policy definition and Python-based implementation, the frameworkstrengthens data security, protects user privacy, and improves trust in cloud storage systems. The proposed model demonstrates the feasibility of practical, cryptography-driven access control for modern cloud environments.