With the thriving growth of the cloud computing, the security and privacy concerns of outsourcing data have been increasing dramatically. However, because of delegating the management of data to an untrusted cloud server in data outsourcing process, the data access control has been recognized as a challenging issue in cloud storage systems. One of the preeminent technologies to control data access in cloud computing is Attribute-based Encryption (ABE) as a cryptographic primitive, which establishes the decryption ability on the basis of a user's attributes. This paper provides a comprehensive survey on attribute-based access control schemes and compares each scheme's functionality and characteristic. We also present a thematic taxonomy of attribute-based approaches based on significant parameters, such as access control mode, architecture, revocation mode, revocation method, revocation issue, and revocation controller. The paper reviews the state-of-the-art ABE methods and categorizes them into three main classes, such as centralized, decentralized, and hierarchal, based on their architectures. We also analyzed the different ABE techniques to ascertain the advantages and disadvantages, the significance and requirements, and identifies the research gaps. Finally, the paper presents open issues and challenges for further investigations.

Additional Metadata
Keywords Access control, Attribute-based encryption, Cloud computing, Thematic taxonomy
Persistent URL dx.doi.org/10.1016/j.future.2016.08.018
Journal Future Generation Computer Systems
Citation
Sookhak, M. (Mehdi), Yu, F.R, Khan, M.K. (Muhammad Khurram), Xiang, Y. (Yang), & Buyya, R. (Rajkumar). (2017). Attribute-based data access control in mobile cloud computing: Taxonomy and open issues. Future Generation Computer Systems, 72, 273–287. doi:10.1016/j.future.2016.08.018