Encryption policies for regulating access to outsourced data

Published: 03 May 2010

Abstract

Current access control models typically assume that resources are under the strict custody of a trusted party that monitors each access request to verify whether it complies with the specified access control policy. In many scenarios this approach is no longer adequate. Clear trends in Web technology are creating a need for owners of sensitive information to manage access to it by legitimate users through the services of honest-but-curious third parties, that is, parties trusted to provide the required service but not authorized to read the actual data content. In this scenario, the data owner encrypts the data before outsourcing and stores it at the server. Only the data owner and users with knowledge of the key are able to decrypt the data, and any access authorizations have to be enforced by the owner. In this article, we address the problem of enforcing selective access on outsourced data without involving the owner in the access control process. The solution puts forward a novel approach that combines cryptography with authorizations, thus enforcing access control via selective encryption. The article presents a formal model for access control management and illustrates how an authorization policy can be translated into an equivalent encryption policy while minimizing the number of keys and cryptographic tokens to be managed. The article also introduces a two-layer encryption approach that allows the data owner to outsource, besides the data, the complete management of the authorization policy itself, thus providing efficiency and scalability in dealing with policy updates. We also discuss experimental results showing that our approach is able to efficiently manage complex scenarios.
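The following is an added example, not code from the article or its authors, of the core idea the abstract describes: an authorization policy (which users may read which resources) is translated into an encryption policy in which each user holds a single secret key, resources sharing an access control list share one key, and public tokens stored at the honest-but-curious server let an authorized user derive the keys of the resources they may read. The token construction `t = k_dst XOR H(k_src, label_dst)` is an assumed textbook hierarchical key-assignment scheme, the greedy reuse of subgroup keys to save tokens is a heuristic chosen for this example, the sample policy is constructed, and `toy_encrypt` is a stdlib-only stand-in for a real AEAD cipher. The names `build_encryption_policy`, `user_derive` and `demo` are the example's own.

```python
"""Selective encryption for outsourced data: one key per user, one key per
distinct ACL, and public tokens from which authorized users derive ACL keys.
Added example; the token scheme and the greedy token-saving step are assumed."""
import hashlib
import hmac
import os

KEY_LEN = 32  # 256-bit keys and tokens


def kdf(key: bytes, label: str) -> bytes:
    """One-way function keyed by a secret: HMAC-SHA256 over a public label."""
    return hmac.new(key, label.encode(), hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_token(src_key: bytes, dst_key: bytes, dst_label: str) -> bytes:
    """Public token letting holders of src_key compute dst_key. Without src_key
    the mask H(src_key, label) is unpredictable, so the token can sit on the
    untrusted server without revealing dst_key."""
    return xor(dst_key, kdf(src_key, dst_label))


def derive(src_key: bytes, token: bytes, dst_label: str) -> bytes:
    return xor(token, kdf(src_key, dst_label))


def group_label(users) -> str:
    return "G:" + ",".join(sorted(users))


def build_encryption_policy(acl, rng=os.urandom):
    """Owner side: translate an authorization policy (resource -> set of users)
    into user keys, one key per distinct ACL, and the public token set."""
    users = sorted({u for s in acl.values() for u in s})
    user_keys = {u: rng(KEY_LEN) for u in users}
    # Resources with the same ACL share a key: the first key saving.
    groups = sorted({frozenset(s) for s in acl.values()},
                    key=lambda g: (len(g), sorted(g)))
    group_keys, tokens = {}, {}  # tokens: (src_label, dst_label) -> token
    for g in groups:
        g_key = rng(KEY_LEN)
        group_keys[g] = g_key
        # Second saving (greedy heuristic assumed by this example): derive the
        # group key from already-keyed subgroups, largest first, so a group of
        # n users needs fewer than n tokens; leftover users get direct tokens.
        uncovered = set(g)
        for sub in sorted(group_keys, key=len, reverse=True):
            if sub != g and sub <= g and sub & uncovered:
                tokens[(group_label(sub), group_label(g))] = make_token(
                    group_keys[sub], g_key, group_label(g))
                uncovered -= sub
        for u in sorted(uncovered):
            tokens[("U:" + u, group_label(g))] = make_token(
                user_keys[u], g_key, group_label(g))
    resource_label = {r: group_label(s) for r, s in acl.items()}
    return user_keys, group_keys, tokens, resource_label


def user_derive(user, user_key, target_label, tokens):
    """Client side: walk the public token graph from the user's own key.
    Returns None when no path exists, i.e. the user is not authorized."""
    known = {"U:" + user: user_key}
    frontier = ["U:" + user]
    while frontier:
        src = frontier.pop()
        for (s, d), t in tokens.items():
            if s == src and d not in known:
                known[d] = derive(known[s], t, d)
                frontier.append(d)
    return known.get(target_label)


def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 keystream XOR, a stdlib-only stand-in for an AEAD cipher
    such as AES-GCM; the point of the example is which key is used, not how."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += xor(data[i:i + 32], block)
    return bytes(out)


toy_decrypt = toy_encrypt  # a keystream XOR is its own inverse

# Constructed sample policy: A and B may read r1 and r4, everyone may read r2,
# only C may read r3.
ACL = {
    "r1": frozenset({"A", "B"}),
    "r2": frozenset({"A", "B", "C"}),
    "r3": frozenset({"C"}),
    "r4": frozenset({"A", "B"}),
}


def demo(acl=ACL):
    user_keys, group_keys, tokens, rlabel = build_encryption_policy(acl)
    nonce = b"\x00" * 8
    outsourced = {r: toy_encrypt(group_keys[acl[r]], nonce, f"contents of {r}".encode())
                  for r in acl}
    results = {}
    for u in user_keys:
        for r in acl:
            k = user_derive(u, user_keys[u], rlabel[r], tokens)
            results[(u, r)] = toy_decrypt(k, nonce, outsourced[r]) if k else None
    return {"keys": len(user_keys) + len(group_keys),
            "tokens": len(tokens), "results": results}


if __name__ == "__main__":
    out = demo()
    print(out["keys"], "keys,", out["tokens"], "tokens")
    for (u, r), v in sorted(out["results"].items()):
        print(u, r, v)
```

With the sample policy the owner manages 6 keys (three user keys, three ACL keys for the distinct lists {C}, {A,B}, {A,B,C}) and publishes 5 tokens instead of the 6 that direct user-to-group tokens would need, because the {A,B,C} key is derived from the {A,B} key rather than from A and B separately. A user outside a resource's ACL finds no token path and gets `None`; the server, holding only ciphertexts and tokens, can derive nothing.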



Published in

ACM Transactions on Database Systems, Volume 35, Issue 2, April 2010, 336 pages
ISSN: 0362-5915, EISSN: 1557-4644
DOI: 10.1145/1735886

Copyright © 2010 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 3 May 2010
• Accepted: 1 November 2009
• Revised: 1 September 2009
• Received: 1 November 2008

Qualifiers: research-article, Research, Refereed
