DOI: 10.1145/1314466.1314477
Article

A data outsourcing architecture combining cryptography and access control

Published: 02 November 2007

Abstract

Data outsourcing is becoming today a successful solution that allows users and organizations to exploit external servers for the distribution of resources. Some of the most challenging issues in such a scenario are the enforcement of authorization policies and the support of policy updates. Since a common approach for protecting the outsourced data consists in encrypting the data themselves, a promising approach for solving these issues is based on the combination of access control with cryptography. This idea is in itself not new, but the problem of applying it in an outsourced architecture introduces several challenges. In this paper, we first illustrate the basic principles on which an architecture for combining access control and cryptography can be built. We then illustrate an approach for enforcing authorization policies and supporting dynamic authorizations, allowing policy changes and data updates at a limited cost in terms of bandwidth and computational power.

Information & Contributors

Information

Published In

CSAW '07: Proceedings of the 2007 ACM workshop on Computer security architecture
November 2007
92 pages
ISBN: 9781595938909
DOI: 10.1145/1314466
  • General Chair: Peng Ning
  • Program Chair: Vijay Atluri
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. access control
  2. cryptography
  3. outsourced architecture

Qualifiers

  • Article

Conference

CCS07