Privacy preserving delegated access control in the storage as a service model

Mohamed Nabeel, Elisa Bertino

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Citations (Scopus)

Abstract

Current approaches for enforcing fine-grained access control and confidentiality to sensitive data hosted in the cloud are based on selectively encrypting the data before uploading it to the cloud. In such an approach, organizations have to enforce authorization policies through encryption. They thus incur high communication and computation cost to manage keys and encryptions whenever user credentials or organizational authorization policies change. Ideally, organizations should use encryption only in order to hide the data from the cloud, whereas the cloud should be in charge of enforcing authorization policies on the hidden data in order to minimize the overhead at organizations. In this paper, we propose a novel approach for delegating privacy-preserving fine-grained access enforcement to the cloud. Our approach is based on a recent key management scheme that allows users whose attributes satisfy a certain policy to derive the data encryption keys only for the content they are allowed to access from the cloud. Our approach preserves the confidentiality of the data and the user privacy from the cloud, while delegating most of the access control enforcement to the cloud. Further, in order to reduce the cost of re-encryption required whenever the access control policies changes, our approach uses incremental encryption techniques.

Original languageEnglish
Title of host publicationProceedings of the 2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012
Pages645-652
Number of pages8
DOIs
Publication statusPublished - 2012
Externally publishedYes
Event2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012 - Las Vegas, NV, United States
Duration: 8 Aug 201210 Aug 2012

Other

Other2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012
CountryUnited States
CityLas Vegas, NV
Period8/8/1210/8/12

Fingerprint

Storage as a service (STaaS)
Access control
Cryptography
Costs

ASJC Scopus subject areas

  • Information Systems

Cite this

Nabeel, M., & Bertino, E. (2012). Privacy preserving delegated access control in the storage as a service model. In Proceedings of the 2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012 (pp. 645-652). [6303070] https://doi.org/10.1109/IRI.2012.6303070

Privacy preserving delegated access control in the storage as a service model. / Nabeel, Mohamed; Bertino, Elisa.

Proceedings of the 2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012. 2012. p. 645-652 6303070.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Nabeel, M & Bertino, E 2012, Privacy preserving delegated access control in the storage as a service model. in Proceedings of the 2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012., 6303070, pp. 645-652, 2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012, Las Vegas, NV, United States, 8/8/12. https://doi.org/10.1109/IRI.2012.6303070
Nabeel M, Bertino E. Privacy preserving delegated access control in the storage as a service model. In Proceedings of the 2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012. 2012. p. 645-652. 6303070 https://doi.org/10.1109/IRI.2012.6303070
Nabeel, Mohamed ; Bertino, Elisa. / Privacy preserving delegated access control in the storage as a service model. Proceedings of the 2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012. 2012. pp. 645-652
@inproceedings{814b749b42aa47b3b107cb948e4f9c74,
title = "Privacy preserving delegated access control in the storage as a service model",
abstract = "Current approaches for enforcing fine-grained access control and confidentiality to sensitive data hosted in the cloud are based on selectively encrypting the data before uploading it to the cloud. In such an approach, organizations have to enforce authorization policies through encryption. They thus incur high communication and computation cost to manage keys and encryptions whenever user credentials or organizational authorization policies change. Ideally, organizations should use encryption only in order to hide the data from the cloud, whereas the cloud should be in charge of enforcing authorization policies on the hidden data in order to minimize the overhead at organizations. In this paper, we propose a novel approach for delegating privacy-preserving fine-grained access enforcement to the cloud. Our approach is based on a recent key management scheme that allows users whose attributes satisfy a certain policy to derive the data encryption keys only for the content they are allowed to access from the cloud. Our approach preserves the confidentiality of the data and the user privacy from the cloud, while delegating most of the access control enforcement to the cloud. Further, in order to reduce the cost of re-encryption required whenever the access control policies changes, our approach uses incremental encryption techniques.",
author = "Mohamed Nabeel and Elisa Bertino",
year = "2012",
doi = "10.1109/IRI.2012.6303070",
language = "English",
isbn = "9781467322843",
pages = "645--652",
booktitle = "Proceedings of the 2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012",

}

TY - GEN

T1 - Privacy preserving delegated access control in the storage as a service model

AU - Nabeel, Mohamed

AU - Bertino, Elisa

PY - 2012

Y1 - 2012

N2 - Current approaches for enforcing fine-grained access control and confidentiality to sensitive data hosted in the cloud are based on selectively encrypting the data before uploading it to the cloud. In such an approach, organizations have to enforce authorization policies through encryption. They thus incur high communication and computation cost to manage keys and encryptions whenever user credentials or organizational authorization policies change. Ideally, organizations should use encryption only in order to hide the data from the cloud, whereas the cloud should be in charge of enforcing authorization policies on the hidden data in order to minimize the overhead at organizations. In this paper, we propose a novel approach for delegating privacy-preserving fine-grained access enforcement to the cloud. Our approach is based on a recent key management scheme that allows users whose attributes satisfy a certain policy to derive the data encryption keys only for the content they are allowed to access from the cloud. Our approach preserves the confidentiality of the data and the user privacy from the cloud, while delegating most of the access control enforcement to the cloud. Further, in order to reduce the cost of re-encryption required whenever the access control policies changes, our approach uses incremental encryption techniques.

AB - Current approaches for enforcing fine-grained access control and confidentiality to sensitive data hosted in the cloud are based on selectively encrypting the data before uploading it to the cloud. In such an approach, organizations have to enforce authorization policies through encryption. They thus incur high communication and computation cost to manage keys and encryptions whenever user credentials or organizational authorization policies change. Ideally, organizations should use encryption only in order to hide the data from the cloud, whereas the cloud should be in charge of enforcing authorization policies on the hidden data in order to minimize the overhead at organizations. In this paper, we propose a novel approach for delegating privacy-preserving fine-grained access enforcement to the cloud. Our approach is based on a recent key management scheme that allows users whose attributes satisfy a certain policy to derive the data encryption keys only for the content they are allowed to access from the cloud. Our approach preserves the confidentiality of the data and the user privacy from the cloud, while delegating most of the access control enforcement to the cloud. Further, in order to reduce the cost of re-encryption required whenever the access control policies changes, our approach uses incremental encryption techniques.

UR - http://www.scopus.com/inward/record.url?scp=84868311717&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84868311717&partnerID=8YFLogxK

U2 - 10.1109/IRI.2012.6303070

DO - 10.1109/IRI.2012.6303070

M3 - Conference contribution

SN - 9781467322843

SP - 645

EP - 652

BT - Proceedings of the 2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012

ER -