Keyword-based　search　over　encrypted　data　is　an　important　technique　to　achieve　both　data　confidentiality　and　utilization　in　cloud　outsourcing　services.　While　commonly　used　access　control　mechanisms,　such　as　identity-based　encryption　and　attribute-based　encryption,　do　not　generally　scale　well　for　hierarchical　access　permissions.　To　solve　this　problem,　we　propose　a　Role-based　Encrypted　Keyword　Search　(REKS)　scheme　by　using　the　role-based　access　control　and　broadcast　encryption.　Specifically,　REKS　allows　owners　to　deploy　hierarchical　access　control　by　allowing　users　with　parent　roles　to　have　access　permissions　from　child　roles.　Using　REKS,　we　further　facilitate　token　generation　preprocessing　and　efficient　user　management,　thereby　significantly　reducing　the　users＇　final　token　generation　and　index　update　overheads,　respectively.　Formal　security　analysis　proves　that　REKS　is　secure　against　chosen　keyword　and　internal　keyword　guessing　attacks,　and　findings　from　the　empirical　evaluations　demonstrate　that　REKS　is　efficient　and　practical.　©　2004-2012　IEEE.