Recent approaches for protecting information in data outsourcing scenarios combine access control and cryptography. In this context, the number of keys that users must receive and manage can be kept small by using a public catalog of tokens that allow key derivation along a hierarchy. However, because the public token catalog expresses the key derivation relationships, it may leak information on the security policies (authorizations) enforced by the system, which the data owner may instead wish to keep confidential. In this paper, we present an approach to protect the privacy of the tokens published in the public catalog. Consistent with the data outsourcing scenario, our solution uses cryptography, adding an encryption layer to the catalog. A complicating issue is that this new encryption layer should follow a derivation path that is "reversed" with respect to the key derivation. Our approach solves this problem by combining cryptography and transitive closure information. The result is an efficient solution that allows token release and traversal of the key derivation structure only to those users authorized to access the underlying resources. We also present experimental results that illustrate the behavior of our technique in large settings.
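The leak described above can be seen in a small added example, which is not code from the paper. It assumes the common token construction `token = k_dst XOR h(k_src, label_dst)` with HMAC-SHA256 as `h`; the labels, hierarchy and function names are constructed for illustration, and the paper's own encryption layer is not implemented here.

```python
import hashlib
import hmac
import secrets

def h(key: bytes, label: str) -> bytes:
    # Keyed hash h(k_src, label_dst); HMAC-SHA256 is this example's assumption.
    return hmac.new(key, label.encode(), hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def build_catalog(keys, edges):
    # Public entry (src_label, dst_label, token): token = k_dst XOR h(k_src, dst_label).
    return [(s, d, xor(keys[d], h(keys[s], d))) for s, d in edges]

def derive_along(catalog, start, start_key, target):
    # A key holder walks the public catalog, unmasking one token per hop.
    stack, seen = [(start, start_key)], set()
    while stack:
        node, key = stack.pop()
        if node == target:
            return key
        if node in seen:
            continue
        seen.add(node)
        for s, d, token in catalog:
            if s == node:
                stack.append((d, xor(token, h(key, d))))
    return None  # no derivation path: the holder is not authorized

def observer_reach(catalog):
    # An observer holding NO key still reads (src, dst) pairs from the catalog
    # and computes which keys are derivable from which, i.e. the policy shape.
    succ = {}
    for s, d, _ in catalog:
        succ.setdefault(s, set()).add(d)
    reach = {}
    for start in succ:
        todo, found = list(succ[start]), set()
        while todo:
            n = todo.pop()
            if n not in found:
                found.add(n)
                todo.extend(succ.get(n, ()))
        reach[start] = found
    return reach

# Constructed hierarchy: user keys A, B, C; group keys AB and ABC.
EDGES = [("A", "AB"), ("B", "AB"), ("AB", "ABC"), ("C", "ABC")]
KEYS = {label: secrets.token_bytes(32) for label in ("A", "B", "C", "AB", "ABC")}
CATALOG = build_catalog(KEYS, EDGES)
```

The token values themselves reveal nothing without a source key, but the catalog's source and destination labels are enough for the observer to rebuild the full reachability relation.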