Permission management in distributed file systems

Dr. Buttyán Levente
Department of Networked Systems and Services

Today's online, distributed data sharing methods are mainly based on the concept of the Access Control List (ACL): there is a central entity, usually the operating system (OS), that enforces the permissions in the ACL. This is simple and fast, but problematic.

First, if the OS is compromised, the attacker can access every file regardless of the ACL.

Second, the administrators of the OS can access the users' private files.

The other approach to online distributed file sharing is the cryptographic file system: every file is encrypted and signed before it is uploaded to the server. In these systems there is no problem with hackers or the curiosity of administrators, because every file is encrypted, providing confidentiality, and signed, providing the possibility of detecting unauthorized modification.

On the other hand, permission handling is problematic, because handling encryption and signature keys in a dynamically changing environment, like a file system, is a non-trivial issue: some users might be granted permissions, while others' permissions have to be revoked. This paper describes how to efficiently handle read and write permissions on a distributed, untrusted storage system with dynamically changing permissions and user groups.


