Nowadays, users are more and more exploiting external storage and connectivity for sharing and disseminating user-generated content. To this aim, they can benefit of the services offered by Internet companies, which however assume that the service provider is entitled to access the resources. To overcome this limitation, we present an approach that does not require complete trust in the external service w.r.t. both resource content and authorization management, while at the same time allowing users to delegate to the provider the enforcement of the access control policy on their resources. Our solution relies on the translation of the access control policy into an equivalent encryption policy on resources and on a hierarchical key structure that limits both the number of keys to be maintained and the amount of encryption to be enforced.
Encryption-based policy enforcement for cloud storage / S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, G. Pelosi, P. Samarati - In: 2010 IEEE 30. International conference on distributed computing systems workshops : ICDCSW 2010 : 21-25 june 2010, Genova, Italy : proceedingsLos Alamitos : Institute of electrical and electronics engineers, 2010. - ISBN 9781424474714. - pp. 42-51 (( Intervento presentato al 30. convegno IEEE International Conference on Distributed Computing Systems Workshops (ICDCSW) tenutosi a Genova nel 2010 [10.1109/ICDCSW.2010.35].
Encryption-based policy enforcement for cloud storage
S. De Capitani di Vimercati;S. Foresti;P. Samarati
2010
Abstract
Nowadays, users are more and more exploiting external storage and connectivity for sharing and disseminating user-generated content. To this aim, they can benefit of the services offered by Internet companies, which however assume that the service provider is entitled to access the resources. To overcome this limitation, we present an approach that does not require complete trust in the external service w.r.t. both resource content and authorization management, while at the same time allowing users to delegate to the provider the enforcement of the access control policy on their resources. Our solution relies on the translation of the access control policy into an equivalent encryption policy on resources and on a hierarchical key structure that limits both the number of keys to be maintained and the amount of encryption to be enforced.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
