IRIS Institutional Research Information System - AIR Archivio Istituzionale della Ricerca

We present a novel approach for the specification and enforcement of authorizations that enables controlled data sharing for collaborative queries in the cloud. Data authorities can establish authorizations regulating access to their data distinguishing three visibility levels (no visibility, encrypted visibility, and plaintext visibility). Authorizations are enforced accounting for the information content carried in the computation to ensure no information is improperly leaked and adjusting visibility of data on-the-fly. Assignment of operations to subjects takes into consideration the cost of operation execution as well as of the encryption/decryption operations needed to make the assignment authorized. Our approach enables users and data authorities to fully enjoy the benefits and economic savings of the competitive open cloud market, while maintaining control over data.

An authorization model for query execution in the cloud / S. De Capitani di Vimercati, S. Foresti, S. Jajodia, G. Livraga, S. Paraboschi, P. Samarati. - In: VLDB JOURNAL. - ISSN 1066-8888. - 31:3(2022), pp. 555-579. [10.1007/s00778-021-00709-x]

An authorization model for query execution in the cloud

S. De Capitani di Vimercati
Primo
;S. Foresti
Secondo
;G. Livraga;P. Samarati
Ultimo
2022

Abstract

We present a novel approach for the specification and enforcement of authorizations that enables controlled data sharing for collaborative queries in the cloud. Data authorities can establish authorizations regulating access to their data distinguishing three visibility levels (no visibility, encrypted visibility, and plaintext visibility). Authorizations are enforced accounting for the information content carried in the computation to ensure no information is improperly leaked and adjusting visibility of data on-the-fly. Assignment of operations to subjects takes into consideration the cost of operation execution as well as of the encryption/decryption operations needed to make the assignment authorized. Our approach enables users and data authorities to fully enjoy the benefits and economic savings of the competitive open cloud market, while maintaining control over data.
Authorization model; Collaborative query evaluation; Plaintext and encrypted visibility; Implicit attributes; Equivalent attributes; Relation profile
Settore INF/01 - Informatica
   Multi-Owner data Sharing for Analytics and Integration respecting Confidentiality and Owner control (MOSAICrOWN)
   MOSAICrOWN
   EUROPEAN COMMISSION
   H2020
   825333

   Machine Learning-based, Networking and Computing Infrastructure Resource Management of 5G and beyond Intelligent Networks (MARSAL)
   MARSAL
   EUROPEAN COMMISSION
   H2020
   101017171
2022
6-nov-2021
VLDB JOURNAL
Article (author)
01 - Articolo su periodico
File in questo prodotto:
File Dimensione Formato  
dfjlps-vldbj2021.pdf

Open Access dal 07/11/2022

Tipologia: Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione 916.73 kB
Formato Adobe PDF
Visualizza/Apri
916.73 kB Adobe PDF Visualizza/Apri
DeCapitaniDiVimercati2021_Article_AnAuthorizationModelForQueryEx(1).pdf

accesso aperto

Tipologia: Publisher's version/PDF
Dimensione 1.86 MB
Formato Adobe PDF
Visualizza/Apri
1.86 MB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/883865
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 4
  • ???jsp.display-item.citation.isi??? 1
social impact