Abstract
With the rapid adoption of cloud computing technologies, service and data outsourcing has become a practical and useful paradigm. To manage sensitive information in this outsourcing scenario, many researchers have proposed the combined use of access control technologies and cryptography. However, the rigid combination in existing approaches has difficulty satisfying the flexible data management needs of diverse applications. In this paper, we advocate a separation methodology in which an authorization policy does not need to be embedded into ciphertexts or keys when data is encrypted, and can be linked to the ciphertexts at any time. Authorization is carried out independently, as usual, without involving encryption, and encryption serves as a foundational mechanism without considering authorization. We propose a separation approach based on homomorphic encryption to realize outsourced data management, in which the encryption procedure is separated from authorization and dynamically integrated with the authorization policy according to subjects’ attributes at any time.
Supported by Project of New Generation Broadband Wireless Network (Grant Nos. 2010ZX03004-001, 2011ZX03002-002-01, 2012ZX03005008-001).
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, Y., Chen, JL. (2013). Homomorphic-Encryption-Based Separation Approach for Outsourced Data Management. In: Ghose, A., et al. Service-Oriented Computing - ICSOC 2012 Workshops. ICSOC 2012. Lecture Notes in Computer Science, vol 7759. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37804-1_4
DOI: https://doi.org/10.1007/978-3-642-37804-1_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37803-4
Online ISBN: 978-3-642-37804-1
eBook Packages: Computer Science (R0)