We present a novel approach for the specification and enforcement of authorizations that enables controlled data sharing for collaborative queries in the cloud. Data authorities can establish authorizations regulating access to their data distinguishing three visibility levels (no visibility, encrypted visibility, and plaintext visibility). Authorizations are enforced accounting for the information content carried in the computation to ensure no information is improperly leaked and adjusting visibility of data on-the-fly. Assignment of operations to subjects takes into consideration the cost of operation execution as well as of the encryption/decryption operations needed to make the assignment authorized. Our approach enables users and data authorities to fully enjoy the benefits and economic savings of the competitive open cloud market, while maintaining control over data.

An authorization model for query execution in the cloud / S. De Capitani di Vimercati, S. Foresti, S. Jajodia, G. Livraga, S. Paraboschi, P. Samarati. - In: VLDB JOURNAL. - ISSN 1066-8888. - 31:3(2022), pp. 555-579. [10.1007/s00778-021-00709-x]

An authorization model for query execution in the cloud

S. De Capitani di Vimercati
Primo
;
S. Foresti
Secondo
;
G. Livraga;P. Samarati
Ultimo
2022

Abstract

We present a novel approach for the specification and enforcement of authorizations that enables controlled data sharing for collaborative queries in the cloud. Data authorities can establish authorizations regulating access to their data distinguishing three visibility levels (no visibility, encrypted visibility, and plaintext visibility). Authorizations are enforced accounting for the information content carried in the computation to ensure no information is improperly leaked and adjusting visibility of data on-the-fly. Assignment of operations to subjects takes into consideration the cost of operation execution as well as of the encryption/decryption operations needed to make the assignment authorized. Our approach enables users and data authorities to fully enjoy the benefits and economic savings of the competitive open cloud market, while maintaining control over data.
Authorization model; Collaborative query evaluation; Plaintext and encrypted visibility; Implicit attributes; Equivalent attributes; Relation profile
Settore INF/01 - Informatica
H20_RIA19PSAMA_01 - Multi-Owner data Sharing for Analytics and Integration respecting Confidentiality and Owner control (MOSAICrOWN) - SAMARATI, PIERANGELA - H20_RIA - Horizon 2020_Research & Innovation Action/Innovation Action - 2019
Machine Learning-based, Networking and Computing Infrastructure Resource Management of 5G and beyond Intelligent Networks (MARSAL)
6-nov-2021
Article (author)
File in questo prodotto:
File Dimensione Formato  
dfjlps-vldbj2021.pdf

embargo fino al 06/11/2022

Tipologia: Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione 916.73 kB
Formato Adobe PDF
916.73 kB Adobe PDF Visualizza/Apri
DeCapitaniDiVimercati2021_Article_AnAuthorizationModelForQueryEx(1).pdf

accesso aperto

Tipologia: Publisher's version/PDF
Dimensione 1.86 MB
Formato Adobe PDF
1.86 MB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/883865
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? 0
social impact