DMCA
ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments (2011)
Cached
Download Links
| Venue: | In The Sixth International Conference on Availability, Reliability and Security, ARES’11 |
| Citations: | 6 - 4 self |
Citations
| 480 | B.: Attribute-based encryption for finegrained access control of encrypted data - Goyal, Pandey, et al. - 2006 |
| 405 | A.: Practical techniques for searches on encrypted data
- Song, Wagner, et al.
(Show Context)
Citation Context ...tsourced environment. Several techniques have been proposed allowing authorised users to perform efficient queries on the encrypted data while not revealing information on the data and the query [2], =-=[6]-=-–[15]. However, these techniques do not support the case of users having different access rights over the protected data. Their assumption is that once a user is authorised to perform search operation... |
| 400 | Ciphertext-policy attributebased encryption
- Bethencourt, Sahai, et al.
- 2007
(Show Context)
Citation Context ...s still possible to use them as access control mechanisms in outsourced settings. For instance, a recent work by Narayan et al. [19] employ the variant of Attribute Based Encryption (ABE) proposed in =-=[20]-=- (that is the Ciphertext Policy ABE, or CP-ABE in short) to construct an outsourced healthcare system where patients can securely store their Electronic Health Record (EHR). In their solution, each EH... |
| 364 | G.: Public key encryption with keyword search - Boneh, Crescenzo, et al. |
| 352 | Fuzzy identity-based encryption - Sahai, Waters |
| 171 | R.: Searchable symmetric encryption: improved definitions and efficient constructions - Curtmola, Garay, et al. |
| 119 | Attribute-based encryption with nonmonotonic access structures
- Ostrovsky, Sahai, et al.
- 2007
(Show Context)
Citation Context ...ormation on the data by accessing the attributes expressed in the CP-ABE policies. The problem of having the access structure expressed in cleartext affects in general all the ABE constructions [20]– =-=[23]-=-. Therefore, this mechanism is not suited for protecting the confidentiality of the access policies in an outsourced environment. Related to the issue of the confidentiality of the access structure, t... |
| 118 | Dynamic and efficient key management for access hierarchies
- Atallah, Frikken, et al.
(Show Context)
Citation Context ...n catalogue. This requires each user to obtain the key for accessing a resource by traversing the key derivation structure. The key derivation structure is a graph built (using access key hierarchies =-=[18]-=-) from a classical access matrix. There are several issues related to this scheme. First, the algorithm of building key derivation structure is very time consuming. Any administrative actions to updat... |
| 92 | Secure conjunctive keyword search over encrypted data - Golle, Staddon, et al. |
| 69 | Concealing complex policies with hidden credentials
- Bradshaw, Holt, et al.
- 2004
(Show Context)
Citation Context ...e., the operators (AND, OR, m-of-n threshold encryption) used in the policy but she does not learn what credentials are required to fulfil the access policy unless she possesses them. Bradshaw et al. =-=[25]-=- extend the original hidden credentials scheme to limit the partial disclosure of the policy structure and speed up the decryption operations. However, in this scheme is not easy to support non-monoto... |
| 49 | On the Impossibility of Cryptography Alone for Privacy-Preserving Cloud Computing
- Dijk, Juels
- 2010
(Show Context)
Citation Context ...SION This section provides the discussion about the security and privacy aspects of ESPOON. A. On the Impossibility of Cryptography Alone for PrivacyPreserving Cloud Computing Dijk and Juels argue in =-=[27]-=- that cryptography alone is not sufficient for preserving the privacy in the cloud environment. They prove that in multi-client settings it is impossible to control how information is released to clie... |
| 43 | Shared and searchable encrypted data for untrusted servers
- Dong, Russello, et al.
- 2010
(Show Context)
Citation Context ...ded and/or malicious purposes. Several technical approaches have been proposed to guarantee the confidentiality of the data in an outsourced environment. For instance, solutions as those described in =-=[2]-=-, [3] allow a protected storage of data while maintaining basic search capabilities to be performed on the server side. However, such solutions do not support access policies to regulate the access of... |
| 38 | Public key encryption with keyword search revisited - Baek, Safavi-Naini, et al. - 2008 |
| 34 | Public key encryption with conjunctive keyword search and its extension to a multiuser system. Pairing - Hwang, Lee |
| 29 |
Privacy preserving ehr system using attributebased infrastructure,” ser
- Narayan, Gagn´e, et al.
(Show Context)
Citation Context ...proaches were not devised particularly for outsourced environments, it is still possible to use them as access control mechanisms in outsourced settings. For instance, a recent work by Narayan et al. =-=[19]-=- employ the variant of Attribute Based Encryption (ABE) proposed in [20] (that is the Ciphertext Policy ABE, or CP-ABE in short) to construct an outsourced healthcare system where patients can securel... |
| 22 | A Data Outsourcing Architecture Combining Cryptography and
- Vimercati, Foresti, et al.
(Show Context)
Citation Context ... there are no restrictions on the queries that can be performed and the data that can be accessed. The idea of using an access control mechanism in an outsourced environment was initially explored in =-=[16]-=-, [17]. In this approach, the authors provide a selective encryption strategy as a means for access control enforcement. The idea is to have a selective encryption technique where each user has a diff... |
| 21 | Authorisation and conflict resolution for hierarchical domains
- Rusello, Dong, et al.
- 2007
(Show Context)
Citation Context ... processing cost for performing any administrative change for both the users and the policies representing the access rights. A policy-based solution such the one described for the Ponder language in =-=[5]-=- results more flexible and easy to manage because it clearly separates the security policies from the enforcement mechanism. However, policy-based access control mechanisms were not designed to operat... |
| 18 |
Secure searchable public key encryption scheme against keyword guessing attacks
- Rhee, Susilo, et al.
(Show Context)
Citation Context ...he policies regulating the accesses to the data. As for the data, we assume that the confidentiality data is protected by one of the several techniques available for outsourced environments (see [2], =-=[14]-=-, [15]). However, to the best of our knowledge no solution exists that addresses the problem of guaranteeing policy confidentiality while allowing an efficient evaluation mechanism that is clearly sep... |
| 14 | Preserving confidentiality of security policies in data outsourcing
- Vimercati, Foresti, et al.
- 2008
(Show Context)
Citation Context ...on Solutions for providing access control mechanisms in outsourced environments have mainly focused on encryption techniques that couple access policies with set of keys, such as the one described in =-=[4]-=-. Only users possessing a key (or a set of hierarchy-derivable keys) are authorised to access the data. The main drawback of these solutions is that security policies are tightly coupled with the secu... |
| 11 | Range Queries on Encrypted Data - Boneh, Waters, et al. - 2007 |
| 11 |
Proxy re-encryption with keyword search
- Shao, Cao, et al.
- 2010
(Show Context)
Citation Context ...rced environment. Several techniques have been proposed allowing authorised users to perform efficient queries on the encrypted data while not revealing information on the data and the query [2], [6]–=-=[15]-=-. However, these techniques do not support the case of users having different access rights over the protected data. Their assumption is that once a user is authorised to perform search operations, th... |
| 9 | Cryptographic Cloud Storage. Financial Cryptography and Data - Kamara, Lauter |
| 5 | Threshold privacy preserving keyword searches - Wang, Wang, et al. - 2008 |
| 4 |
Outside it: the case for full it outsourcing,” Healthcare financial management
- Ondo, Smith
- 2006
(Show Context)
Citation Context ...operations provided makes outsourcing of the IT infrastructure a business model adopted by many companies. Even sectors such as healthcare initially reluctant to this model are now slowly adopting it =-=[1]-=-. Outsourcing typically relies on third parties to provide and maintain a very reliable IT infrastructure. However, the data stored on the outsourced servers are within easy reach of the infrastructur... |
| 4 |
rfc 2753: A framework for policy based admission control
- Yavatkar, Guerin
- 2000
(Show Context)
Citation Context ...n be deployed in an outsourced environment. Figure 1 illustrates the proposed architecture that has similar components as the widely accepted architecture for policy-based management proposed by IETF =-=[26]-=-. In ESPOON, the Admin User deploys (i) the access policies to the Administration Point that stores (ii) the policies in the Policy Store. Whenever a Requester, say a doctor, needs to access the data,... |
| 2 |
management of access control evolution on outsourced data
- “Over-encryption
(Show Context)
Citation Context ... are no restrictions on the queries that can be performed and the data that can be accessed. The idea of using an access control mechanism in an outsourced environment was initially explored in [16], =-=[17]-=-. In this approach, the authors provide a selective encryption strategy as a means for access control enforcement. The idea is to have a selective encryption technique where each user has a different ... |
