Preserving confidentiality of security policies in data outsourcing

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Preserving confidentiality of security policies in data outsourcing

Full text

Pdf (426 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 7th ACM workshop on Privacy in the electronic society table of contents

Alexandria, Virginia, USA

SESSION: Data privacy table of contents

Pages 75-84

Year of Publication: 2008

ISBN:978-1-60558-289-4

Authors

Sabrina De Capitani di Vimercati	Università di Milano, Crema (CR), Italy
Sara Foresti	Università di Milano, Crema (CR), Italy
Sushil Jajodia	George Mason University, Fairfax, VA, USA
Stefano Paraboschi	Università di Bergamo, Dalmine (BG), Italy
Gerardo Pelosi	Università di Bergamo, Dalmine (BG), Italy
Pierangela Samarati	Università di Milano, Crema (CR), Italy

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 20, Downloads (12 Months): 207, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1456403.1456417 What is a DOI?

ABSTRACT

Recent approaches for protecting information in data outsourcing scenarios exploit the combined use of access control and cryptography. In this context, the number of keys to be distributed and managed by users can be maintained limited by using a public catalog of tokens that allow key derivation along a hierarchy. However, the public token catalog, by expressing the key derivation relationships, may leak information on the security policies (authorizations) enforced by the system, which the data owner may instead wish to maintain confidential.

In this paper, we present an approach to protect the privacy of the tokens published in the public catalog. Consistently with the data outsourcing scenario, our solution exploits the use of cryptography, by adding an encryption layer to the catalog. A complicating issue in this respect is that this new encryption layer should follow a derivation path that is "reversed" with respect to the key derivation. Our approach solves this problem by combining cryptography and transitive closure information. The result is an efficient solution allowing token release and traversal of the key derivation structure only to those users authorized to access the underlying resources. We also present experimental results that illustrate the behavior of our technique in large settings.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	G. Aggarwal, M. Bawa, P. Ganesan, H. Garcia-Molina, K. Kenthapadi, R. Motwani, U. Srivastava, D. Thomas, and Y. Xu. Two can keep a secret: a distributed architecture for secure database services. In Proc. of CIDR 2005, Asilomar, CA, January 2005.
	2	R. Agrawal , A. Borgida , H. V. Jagadish, Efficient management of transitive relationships in large data and knowledge bases, ACM SIGMOD Record, v.18 n.2, p.253-262, June 1989
	3	Rakesh Agrawal , Shaul Dar , H. V. Jagadish, Direct transitive closure algorithms: design and performance evaluation, ACM Transactions on Database Systems (TODS), v.15 n.3, p.427-458, Sept. 1990 [doi>10.1145/88636.88888]
	4	Mikhail J. Atallah , Keith B. Frikken , Marina Blanton, Dynamic and efficient key management for access hierarchies, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA [doi>10.1145/1102120.1102147]
	5	Piero A. Bonatti , Pierangela Samarati, A uniform framework for regulating service access and information release on the web, Journal of Computer Security, v.10 n.3, p.241-271, 2002
	6	Alberto Ceselli , Ernesto Damiani , Sabrina De Capitani Di Vimercati , Sushil Jajodia , Stefano Paraboschi , Pierangela Samarati, Modeling and assessing inference exposure in encrypted databases, ACM Transactions on Information and System Security (TISSEC), v.8 n.1, p.119-152, February 2005 [doi>10.1145/1053283.1053289]
	7	V. Ciriani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Fragmentation and encryption to enforce privacy in data storage. In Proc. of ESORICS 2007, Dresden, Germany, September 2007.
	8	E. Damiani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. An experimental evaluation of multi-key strategies for data outsourcing. In Proc. of the 22nd IFIP TC-11 International Information Security Conference, South Africa, May 2007.
	9	Sabrina De Capitani di Vimercati , Sara Foresti , Sushil Jajodia , Stefano Paraboschi , Pierangela Samarati, A data outsourcing architecture combining cryptography and access control, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA [doi>10.1145/1314466.1314477]
	10	Sabrina De Capitani di Vimercati , Sara Foresti , Sushil Jajodia , Stefano Paraboschi , Pierangela Samarati, Over-encryption: management of access control evolution on outsourced data, Proceedings of the 33rd international conference on Very large data bases, September 23-27, 2007, Vienna, Austria
	11	Keith Frikken , Mikhail Atallah , Jiangtao Li, Attribute-Based Access Control with Hidden Policies and Hidden Credentials, IEEE Transactions on Computers, v.55 n.10, p.1259-1270, October 2006 [doi>10.1109/TC.2006.158]
	12	Providing Database as a Service, Proceedings of the 18th International Conference on Data Engineering, p.29, February 26-March 01, 2002
	13	H. Hacigümüs, B. Iyer, and S. Mehrotra. Ensuring integrity of encrypted databases in database as a service model. In Proc. of the IFIP Conference on Data and Applications Security, Estes Park Colorado, CA, August 2003.
	14	Hakan Hacigümüş , Bala Iyer , Chen Li , Sharad Mehrotra, Executing SQL over encrypted data in the database-service-provider model, Proceedings of the 2002 ACM SIGMOD international conference on Management of data, June 03-06, 2002, Madison, Wisconsin [doi>10.1145/564691.564717]
	15	Bijit Hore , Sharad Mehrotra , Gene Tsudik, A privacy-preserving index for range queries, Proceedings of the Thirtieth international conference on Very large data bases, p.720-731, August 31-September 03, 2004, Toronto, Canada
	16	Keith Irwin , Ting Yu, An identifiability-based access control model for privacy protection in open systems, Proceedings of the 2004 ACM workshop on Privacy in the electronic society, October 28-28, 2004, Washington DC, USA [doi>10.1145/1029179.1029194]
	17	H. V. Jagadish, A compression technique to materialize transitive closure, ACM Transactions on Database Systems (TODS), v.15 n.4, p.558-598, Dec. 1990 [doi>10.1145/99935.99944]
	18	Adam J. Lee , Marianne Winslett , Jim Basney , Von Welch, The Traust Authorization Service, ACM Transactions on Information and System Security (TISSEC), v.11 n.1, p.1-33, February 2008 [doi>10.1145/1330295.1330297]
	19	Gerome Miklau , Dan Suciu, Controlling access to published data using cryptography, Proceedings of the 29th international conference on Very large data bases, p.898-909, September 09-12, 2003, Berlin, Germany
	20	E. Mykletun, M. Narasimha, and G. Tsudik. Authentication and integrity in outsourced database. In Proc. of the 11th NDSS, San Diego, CA, February 2004.
	21	Maithili Narasimha , Gene Tsudik, DSAC: integrity for outsourced databases with signature aggregation and chaining, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany [doi>10.1145/1099554.1099604]
	22	Radu Sion, Query execution assurance for outsourced databases, Proceedings of the 31st international conference on Very large data bases, August 30-September 02, 2005, Trondheim, Norway
	23	Hui Wang , Laks V. S. Lakshmanan, Efficient secure query evaluation over encrypted XML databases, Proceedings of the 32nd international conference on Very large data bases, September 12-15, 2006, Seoul, Korea
	24	William H. Winsborough , Ninghui Li, Safety in automated trust negotiation, ACM Transactions on Information and System Security (TISSEC), v.9 n.3, p.352-390, August 2006 [doi>10.1145/1178618.1178623]
	25	M. Winslett , N. Ching , V. Jones , I. Slepchin, Using digital credentials on the World Wide Web, Journal of Computer Security, v.5 n.3, p.255-267, June 1997
	26	Marianne Winslett , Ting Yu , Kent E. Seamons , Adam Hess , Jared Jacobson , Ryan Jarvis , Bryan Smith , Lina Yu, Negotiating Trust on the Web, IEEE Internet Computing, v.6 n.6, p.30-37, November 2002 [doi>10.1109/MIC.2002.1067734]
	27	Ting Yu , Xiaosong Ma , Marianne Winslett, PRUNES: an efficient and complete strategy for automated trust negotiation over the Internet, Proceedings of the 7th ACM conference on Computer and communications security, p.210-219, November 01-04, 2000, Athens, Greece [doi>10.1145/352600.352633]
	28	Ting Yu , Marianne Winslett , Kent E. Seamons, Interoperable strategies in automated trust negotiation, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA [doi>10.1145/501983.502004]
	29	Ting Yu , Marianne Winslett , Kent E. Seamons, Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.1-42, February 2003 [doi>10.1145/605434.605435]