We present a novel approach for the specification and enforcement of authorizations that enables controlled data sharing for collaborative queries in the cloud. Data authorities can establish authorizations regulating access to their data distinguishing three visibility levels (no visibility, encrypted visibility, and plaintext visibility). Authorizations are enforced accounting for the information content carried in the computation to ensure no information is improperly leaked and adjusting visibility of data on-the-fly. Assignment of operations to subjects takes into consideration the cost of operation execution as well as of the encryption/decryption operations needed to make the assignment authorized. Our approach enables users and data authorities to fully enjoy the benefits and economic savings of the competitive open cloud market, while maintaining control over data.
An authorization model for query execution in the cloud / S. De Capitani di Vimercati, S. Foresti, S. Jajodia, G. Livraga, S. Paraboschi, P. Samarati. - In: VLDB JOURNAL. - ISSN 1066-8888. - 31:3(2022), pp. 555-579. [10.1007/s00778-021-00709-x]
An authorization model for query execution in the cloud
S. De Capitani di VimercatiPrimo
;S. ForestiSecondo
;G. Livraga;P. SamaratiUltimo
2022
Abstract
We present a novel approach for the specification and enforcement of authorizations that enables controlled data sharing for collaborative queries in the cloud. Data authorities can establish authorizations regulating access to their data distinguishing three visibility levels (no visibility, encrypted visibility, and plaintext visibility). Authorizations are enforced accounting for the information content carried in the computation to ensure no information is improperly leaked and adjusting visibility of data on-the-fly. Assignment of operations to subjects takes into consideration the cost of operation execution as well as of the encryption/decryption operations needed to make the assignment authorized. Our approach enables users and data authorities to fully enjoy the benefits and economic savings of the competitive open cloud market, while maintaining control over data.File | Dimensione | Formato | |
---|---|---|---|
dfjlps-vldbj2021.pdf
Open Access dal 07/11/2022
Tipologia:
Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione
916.73 kB
Formato
Adobe PDF
|
916.73 kB | Adobe PDF | Visualizza/Apri |
DeCapitaniDiVimercati2021_Article_AnAuthorizationModelForQueryEx(1).pdf
accesso aperto
Tipologia:
Publisher's version/PDF
Dimensione
1.86 MB
Formato
Adobe PDF
|
1.86 MB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.