Fog-assisted　Internet　of　Things　(IoT)　can　outsource　the　massive　data　of　resource-constraint　IoT　devices　to　cloud　and　fog　nodes　(FNs).　Meanwhile,　it　enables　convenient　and　low　time-delay　data-sharing　services,　which　relies　heavily　on　high　security　of　data　confidentiality　and　fine-grained　access　control.　Many　efforts　have　been　focused　on　this　urgent　requirement　by　leveraging　ciphertext-policy　attribute-based　encryption　(CP-ABE).　However,　when　deployed　in　fog-assisted　IoT　systems　for　secure　data　sharing,　it　remains　a　challenging　problem　of　how　to　preserve　attribute　privacy　of　access　policy,　and　trace-then-revoke　traitors　(i.e.,　malicious　users　intending　to　leak　decryption　keys　for　illegal　profits)　efficiently　and　securely　in　such　a　large　scale　and　decentralized　environment　with　resource-constraint　user　devices,　especially　in　consideration　of　misbehaving　cloud　and　FNs.　Therefore,　in　this　article,　we　propose　a　revocable　and　privacy-preserving　decentralized　data-sharing　framework　(RPDDSF)　by　designing　a　large　universe　and　multiauthority　CP-ABE　scheme　with　fully　hidden　access　policy　for　secure　data　sharing　in　IoT　systems　to　achieve　user　attribute　privacy　preserving　with　unbounded　attribute　universe　and　key　escrow　resistance　suitable　for　large　scale　and　decentralized　environment.　Based　on　this,　with　RPDDSF,　anyone　can　efficiently　expose　the　traitors　and　punish　them　by　forward/backward　secure　revocation.　Besides,　RPDDSF　is　able　to　guarantee　data　integrity　for　both　data　owners　(DOs)　and　users　to　resist　misbehaving　cloud　and　FNs,　alongwith　low　computation　overhead　for　resource-constraint　devices.　Finally,　RPDDSF　is　proven　to　be　secure　with　detailed　security　proofs,　and　its　high　efficiency　and　feasibility　are　demonstrated　by　extensive　performance　evaluations.　©　2014　IEEE.