Privacy preserving delegated access control in the storage as a service model

Mohamed Nabeel, Elisa Bertino

Research output: Chapter in Book/Report/Conference proceedingConference contribution

21 Citations (Scopus)

Abstract

Current approaches for enforcing fine-grained access control and confidentiality to sensitive data hosted in the cloud are based on selectively encrypting the data before uploading it to the cloud. In such an approach, organizations have to enforce authorization policies through encryption. They thus incur high communication and computation cost to manage keys and encryptions whenever user credentials or organizational authorization policies change. Ideally, organizations should use encryption only in order to hide the data from the cloud, whereas the cloud should be in charge of enforcing authorization policies on the hidden data in order to minimize the overhead at organizations. In this paper, we propose a novel approach for delegating privacy-preserving fine-grained access enforcement to the cloud. Our approach is based on a recent key management scheme that allows users whose attributes satisfy a certain policy to derive the data encryption keys only for the content they are allowed to access from the cloud. Our approach preserves the confidentiality of the data and the user privacy from the cloud, while delegating most of the access control enforcement to the cloud. Further, in order to reduce the cost of re-encryption required whenever the access control policies changes, our approach uses incremental encryption techniques.

Original languageEnglish
Title of host publicationProceedings of the 2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012
Pages645-652
Number of pages8
DOIs
Publication statusPublished - 8 Nov 2012
Event2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012 - Las Vegas, NV, United States
Duration: 8 Aug 201210 Aug 2012

Publication series

NameProceedings of the 2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012

Other

Other2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012
CountryUnited States
CityLas Vegas, NV
Period8/8/1210/8/12

    Fingerprint

ASJC Scopus subject areas

  • Information Systems

Cite this

Nabeel, M., & Bertino, E. (2012). Privacy preserving delegated access control in the storage as a service model. In Proceedings of the 2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012 (pp. 645-652). [6303070] (Proceedings of the 2012 IEEE 13th International Conference on Information Reuse and Integration, IRI 2012). https://doi.org/10.1109/IRI.2012.6303070