Data outsourcing is becoming today a successful solution that allows users and organizations to exploit external servers for the distribution of resources. Some of the most challenging issues in such a scenario are the enforcement of authorization policies and the support of policy updates. Since a common approach for protecting the outsourced data consists in encrypting the data themselves, a promising approach for solving these issues is based on the combination of access control with cryptography. This idea is in itself not new, but the problem of applying it in an outsourced architecture introduces several challenges. In this paper, we first illustrate the basic principles on which an architecture for combining access control and cryptography can be built. We then illustrate an approach for enforcing authorization policies and supporting dynamic authorizations, allowing policy changes and data updates at a limited cost in terms of bandwidth and computational power.
A data outsourcing architecture combining cryptography and access control / S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati - In: CSAW '07 : proceedingsNew York : ACM, 2007. - ISBN 9781595938909. - pp. 63-69 (( Intervento presentato al 1. convegno CSAW tenutosi a Fairfax nel 2007.
A data outsourcing architecture combining cryptography and access control
S. De Capitani di VimercatiPrimo
;S. ForestiSecondo
;P. SamaratiUltimo
2007
Abstract
Data outsourcing is becoming today a successful solution that allows users and organizations to exploit external servers for the distribution of resources. Some of the most challenging issues in such a scenario are the enforcement of authorization policies and the support of policy updates. Since a common approach for protecting the outsourced data consists in encrypting the data themselves, a promising approach for solving these issues is based on the combination of access control with cryptography. This idea is in itself not new, but the problem of applying it in an outsourced architecture introduces several challenges. In this paper, we first illustrate the basic principles on which an architecture for combining access control and cryptography can be built. We then illustrate an approach for enforcing authorization policies and supporting dynamic authorizations, allowing policy changes and data updates at a limited cost in terms of bandwidth and computational power.
| File | Dimensione | Formato | |
|---|---|---|---|
|
p63-divimercati.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
575.88 kB
Formato
Adobe PDF
|
575.88 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
