论文信息 - Encryption-Based Policy Enforcement for Cloud Storage

Encryption-Based Policy Enforcement for Cloud Storage

Nowadays, users are more and more exploiting external storage and connectivity for sharing and disseminating user-generated content. To this aim, they can benefit of the services offered by Internet companies, which however assume that the service provider is entitled to access the resources. To overcome this limitation, we present an approach that does not require complete trust in the external service w.r.t. both resource content and authorization management, while at the same time allowing users to delegate to the provider the enforcement of the access control policy on their resources. Our solution relies on the translation of the access control policy into an equivalent encryption policy on resources and on a hierarchical key structure that limits both the number of keys to be maintained and the amount of encryption to be enforced.

[1] Dan Suciu,et al. Controlling Access to Published Data Using Cryptography , 2003, VLDB.

[2] Hakan Hacigümüs,et al. Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[3] Sushil Jajodia,et al. Preserving confidentiality of security policies in data outsourcing , 2008, WPES '08.

[4] Marina Blanton,et al. Dynamic and Efficient Key Management for Access Hierarchies , 2009, TSEC.

[5] Philip R. Zimmermann,et al. The official PGP user's guide , 1996 .

[6] Ari Juels,et al. HAIL: a high-availability and integrity layer for cloud storage , 2009, CCS.

[7] Nick Mathewson,et al. Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[8] Alfredo De Santis,et al. New constructions for provably-secure time-bound hierarchical key assignment schemes , 2007, SACMAT '07.

[9] Gene Tsudik,et al. Authentication and integrity in outsourced databases , 2006, TOS.

[10] Sushil Jajodia,et al. Encryption policies for regulating access to outsourced data , 2010, TODS.