Enforcing Subscription-Based Authorization Policies in Cloud Scenarios

  • Sabrina De Capitani di Vimercati
  • Sara Foresti
  • Sushil Jajodia
  • Giovanni Livraga
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7371)


The rapid advances in Information and Communication Technologies have led to the development of on-demand, high-quality applications and services that allow users to easily access resources anywhere, anytime. Users can pay for a service and access the resources made available during their subscriptions until the subscribed periods expire. Users are then forced to download such resources if they also want to access them after the subscribed periods. To spare users this burden, we propose the adoption of a subscription-based access control policy that combines a flexible key derivation structure with selective encryption. The publication of new resources and the management of subscriptions are accommodated by adapting the key derivation structure in a way that is transparent to users.


access control, subscription-based policies, data outsourcing


Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Sabrina De Capitani di Vimercati (1)
  • Sara Foresti (1)
  • Sushil Jajodia (2)
  • Giovanni Livraga (1)
  1. Università degli Studi di Milano, Crema, Italy
  2. George Mason University, Fairfax, USA
