Preserving privacy in data outsourcing / S. Foresti ; tutor: Pierangela Samarati, Sabrina De Capitani di Vimercati. DIPARTIMENTO DI TECNOLOGIE DELL'INFORMAZIONE (CREMA), 2010 Apr 22. 21st cycle, Academic Year 2007/2008. [10.13130/foresti-sara_phd2010-04-22].

Preserving privacy in data outsourcing

S. Foresti
2010

Abstract

Privacy requirements have an increasing impact on the realization of modern applications. Commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external parties. Current approaches encrypt sensitive data, thus reducing query execution efficiency and preventing selective information release. In this thesis, we present a comprehensive approach for protecting highly sensitive information when it is stored on systems that are not under the data owner's control. Our approach combines access control and encryption, enforcing access control via structured encryption. Our solution, coupled with efficient algorithms for key derivation and distribution, provides efficient and secure authorization management on outsourced data, allowing the data owner to outsource not only the data but the security policy itself. To reduce the amount of data to be encrypted, we also investigate data fragmentation as a possible way to protect the privacy of data associations and provide fragmentation as a complementary means for protecting privacy: associations broken by fragmentation will be visible only to users authorized (by knowing the proper key) to join fragments. Finally, we investigate the problem of executing queries over data possibly distributed at different servers, which must be controlled to ensure that sensitive information and sensitive associations are visible only to parties authorized for that.
22-apr-2010
Privacy; Data outsourcing.
Sector INF/01 - Computer Science
SAMARATI, PIERANGELA
DE CAPITANI DI VIMERCATI, SABRINA
Doctoral Thesis
Files in this item:
PhDThesis.pdf (open access). Type: Other. Size: 5.37 MB. Format: Adobe PDF.
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/156360