Enforcing authorizations while protecting access confidentiality

Foresti, Sara; Paraboschi, Stefano
2018-01-01

Abstract

Cloud computing is the reference paradigm to provide data storage and management in a convenient and scalable manner. However, moving data to the cloud raises several issues, including the confidentiality of data and of accesses that are no longer under the direct control of the data owner. The shuffle index has been proposed as a solution for addressing these issues when data are stored at an external third party. In this paper, we extend the shuffle index with support for access control, that is, for enforcing authorizations on data. Our approach is based on the use of selective encryption and on the organization of data and authorizations in two shuffle indexes. Owners regulate access to their data through authorizations that allow different users to access different portions of the data, while, at the same time, the confidentiality of accesses is guaranteed. The proposed approach also supports update operations over the outsourced data collection (i.e., insertion, removal, and update) as well as of the access control policy (i.e., grant and revoke). Also, our approach protects the nature of each access operation, making revoke operations and resource removal operations indistinguishable by the storing server and/or observing users.
journal article
2018
De Capitani Di Vimercati, Sabrina; Foresti, Sara; Paraboschi, Stefano; Pelosi, Gerardo; Samarati, Pierangela
(2018). Enforcing authorizations while protecting access confidentiality [journal article - articolo]. In JOURNAL OF COMPUTER SECURITY. Retrieved from http://hdl.handle.net/10446/116608
Files attached to this record:
File: dfpps-jcs2017.pdf
Access: Archive managers only
Version: postprint - refereed version/accepted without refereeing
License: Aisberg default license
File size: 1.81 MB
Format: Adobe PDF
Use this identifier to cite or link to this document: https://hdl.handle.net/10446/116608