Current access control models typically assume that resources are under the strict custody of a trusted party, which monitors each access request to verify that it complies with the specified access control policy. There are many scenarios where this approach is becoming inadequate. Many clear trends in Web technology are creating a need for owners of sensitive information to manage access to it by legitimate users using the services of honest-but-curious third parties, that is, parties trusted with providing the required service but not authorized to read the actual data content. In this scenario, the data owner encrypts the data before outsourcing and stores them at the server. Only the data owner and users with knowledge of the key will be able to decrypt the data. Possible access authorizations are to be enforced by the owner. In this article, we address the problem of enforcing selective access on outsourced data without the need to involve the owner in the access control process. The solution puts forward a novel approach that combines cryptography with authorizations, thus enforcing access control via selective encryption. The article presents a formal model for access control management and illustrates how an authorization policy can be translated into an equivalent encryption policy while minimizing the number of keys and cryptographic tokens to be managed. The article also introduces a two-layer encryption approach that allows the data owner to outsource, besides the data, the complete management of the authorization policy itself, thus providing efficiency and scalability in dealing with policy updates. We also discuss experimental results showing that our approach is able to efficiently manage complex scenarios.