Selective Data Encryption in Outsourced Dynamic Environments

The amount of information held by organizations' databases is increasing very quickly. Database outsourcing is a recently proposed and increasingly popular solution to the resulting data management problem. Several approaches to managing outsourced databases have been presented, investigating the use of data encryption together with indexing information to allow queries to be executed at the third party without the need to decrypt the data. These proposals assume that access control remains with the data owner, who has to filter all access requests to the data. In this paper, we put forward the idea of also outsourcing access control enforcement to the third party. Our approach combines cryptography with authorizations, thus enforcing access control via selective encryption. The paper describes the management of authorizations, investigating their specification and representation as well as their enforcement in a dynamic scenario.
