Commune: Shared Ownership in an Agnostic Cloud
This addresses a limitation in cloud storage for collaborative users by enabling shared ownership without platform modifications, though it is incremental as it builds on existing cloud infrastructures.
The paper tackles the problem of single-owner access control in cloud storage, which limits collaborations by allowing unilateral decisions like file deletion. It proposes Commune, a solution that enforces shared ownership requiring a threshold of owners for access grants, and demonstrates its integration with Amazon S3, showing scalability and performance.
Although cloud storage platforms promise a convenient way for users to share files and engage in collaborations, they require all files to have a single owner who unilaterally makes access control decisions. Existing clouds are, thus, agnostic to shared ownership. This can be a significant limitation in many collaborations because one owner can, for example, delete files and revoke access without consulting the other collaborators. In this paper, we first formally define a notion of shared ownership within a file access control model. We then propose a solution, called Commune, to the problem of distributively enforcing shared ownership in agnostic clouds, so that access grants require the support of a pre-arranged threshold of owners. Commune can be used in existing clouds without requiring any modifications to the platforms. We analyze the security of our solution and evaluate its scalability and performance by means of an implementation integrated with Amazon S3.