The evolution of information and communication technologies (ICTs) has introduced new ways for sharing and disseminating user-generated content through remote storage, publishing, and disseminating services. From an enterprise oriented point of view, these services offer cost effective and reliable data storage features that any organisation can take advantage of without long setup delays and capital expenses. Also, from an end-user point of view, distributed and shared data storage services offer considerable advantages in terms of reliability and constant availability of data. While on one hand data sharing services encourage and enhance the collaboration among users, on the other hand they need to provide proper protection of data, possibly enforcing access restrictions defined by the data owner. In this chapter, we present an approach for allowing users to delegate to an external service the enforcement of the access control policy on their resources, while at the same time not requiring complete trust in the external service. Our solution relies on the translation of the access control policy into an equivalent encryption policy on resources, and on a hierarchical key structure that exploits the relationships between groups or users. In this way, we limit both the number of keys to be maintained and the amount of encryption to be performed, while keeping a good flexibility with respect to policy updates and revocations.
Selective exchange of confidential data in the outsourcing scenario / S. De Capitani di Vimercati, S. Foresti, S. Paraboschi, G. Pelosi, P. Samarati - In: Privacy and identity management for life / [a cura di] J. Camenisch, S. Fischer-Hubner, K. Rannenberg. - Berlin : Springer, 2011. - ISBN 9783642203169. - pp. 181-198 [10.1007/978-3-642-20317-6_9]
Selective exchange of confidential data in the outsourcing scenario
S. De Capitani di Vimercati;S. Foresti;P. Samarati
2011
Abstract
The evolution of information and communication technologies (ICTs) has introduced new ways for sharing and disseminating user-generated content through remote storage, publishing, and disseminating services. From an enterprise oriented point of view, these services offer cost effective and reliable data storage features that any organisation can take advantage of without long setup delays and capital expenses. Also, from an end-user point of view, distributed and shared data storage services offer considerable advantages in terms of reliability and constant availability of data. While on one hand data sharing services encourage and enhance the collaboration among users, on the other hand they need to provide proper protection of data, possibly enforcing access restrictions defined by the data owner. In this chapter, we present an approach for allowing users to delegate to an external service the enforcement of the access control policy on their resources, while at the same time not requiring complete trust in the external service. Our solution relies on the translation of the access control policy into an equivalent encryption policy on resources, and on a hierarchical key structure that exploits the relationships between groups or users. In this way, we limit both the number of keys to be maintained and the amount of encryption to be performed, while keeping a good flexibility with respect to policy updates and revocations.
| File | Dimensione | Formato | |
|---|---|---|---|
|
10.1007%2F978-3-642-20317-6_9.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
918.71 kB
Formato
Adobe PDF
|
918.71 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
