Skip to main content
SpringerLink
Log in

Selective and Fine-Grained Access to Data in the Cloud

  • Chapter
  • First Online:
Secure Cloud Computing

Abstract

This chapter surveys some of the research results related to the protection and efficient access to data stored and managed by external cloud servers. We first provide an overview of the security and privacy problems and challenges that need to be considered, and then illustrate emerging approaches for protecting data externally stored, and for enforcing fine-grained (queries) and selective (access control) accesses on them. Finally, we show how the combined application of the solutions discussed may introduce privacy problems that should be carefully considered.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two can keep a secret: A distributed architecture for secure database services. In: Proc. of CIDR 2005. Asilomar, CA, USA (January 2005)

    Google Scholar 

  2. Agrawal, R., Asonov, D., Kantarcioglu, M., Li, Y.: Sovereign joins. In: Proc. of ICDE 2006. Atlanta, GA, USA (April 2006)

    Google Scholar 

  3. Agrawal, R., Kierman, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data. In: Proc. of SIGMOD 2004. Paris, France (June 2004)

    Google Scholar 

  4. Ardagna, C.A., Camenisch, J., Kohlweiss, M., Leenes, R., Neven, G., Priem, B., Samarati, P., Sommer, D., Verdicchio, M.: Exploiting cryptography for privacy-enhanced access control: A result of the PRIME project. JCS 18(1), 123–160 (2010)

    Google Scholar 

  5. Ardagna, C.A., De Capitani di Vimercati Sabrina, S., Foresti, S., Paraboschi, S., Samarati, P.: Minimizing disclosure of private information in credential-based interactions: A graph-based approach. In: Proc. of PASSAT 2010. Minneapolis, MN, USA (August 2010)

    Google Scholar 

  6. Ardagna, C.A., De Capitani di Vimercati Sabrina, S., Foresti, S., Paraboschi, S., Samarati, P.: Supporting privacy preferences in credential-based interactions. In: Proc. of WPES 2010. Chicago, IL, USA (October 2010)

    Google Scholar 

  7. Ardagna, C.A., De Capitani di Vimercati Sabrina, S., Foresti, S., Paraboschi, S., Samarati, P.: Minimising disclosure of client information in credential-based interactions. IJIPSI 1(2/3), 205–233 (2012)

    Google Scholar 

  8. Ardagna, C.A., De Capitani di Vimercati Sabrina, S., Paraboschi, S., Pedrini, E., Samarati, P., Verdicchio, M.: Expressive and deployable access control in open Web service applications. IEEE TSC 4(2), 96–109 (April-June 2011)

    Google Scholar 

  9. Ardagna, C.A., Jajodia, S., Samarati, P., Stavrou, A.: Providing users’ anonymity in mobile hybrid networks. ACM TOIT (2013)

    Google Scholar 

  10. Atallah, M., Blanton, M., Fazio, N., Frikken, K.: Dynamic and efficient key management for access hierarchies. ACM TISSEC 12(3), 18:1–18:43 (January 2009)

    Google Scholar 

  11. Bertoni, G., Breveglieri, L., Koren, I., Maistri, P., Piuri, V.: On the propagation of faults and their detection in a hardware implementation of the advanced encryption standard. In: Proc. of ASAP 2002. San Jose, CA, USA (July 2002)

    Google Scholar 

  12. Blanton, M., Frikken, K.: Efficient multi-dimensional key management in broadcast services. In: Proc. of ESORICS 2010. Athens, Grece (September 2010)

    Google Scholar 

  13. Bonatti, P., Samarati, P.: A uniform framework for regulating service access and information release on the Web. JCS 10(3), 241–272 (2002)

    Google Scholar 

  14. Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Proc. of EUROCRYPT 2003. Warsaw, Poland (May 2003)

    Google Scholar 

  15. Calì, A., Martinenghi, D.: Querying data under access limitations. In: Proc. of ICDE 2008. Cancun, Mexico (April 2008)

    Google Scholar 

  16. Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Proc. of EUROCRYPT 2001. Innsbruck, Austria (May 2001)

    Google Scholar 

  17. Ceselli, A., Damiani, E., De Capitani di Vimercati Sabrina, S., Jajodia, S., Paraboschi, S., Samarati, P.: Modeling and assessing inference exposure in encrypted databases. ACM TISSEC 8(1), 119–152 (February 2005)

    Google Scholar 

  18. Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. Journal of ACM 45(6), 965–981 (April 1998)

    Article  MATH  MathSciNet  Google Scholar 

  19. Cimato, S., Gamassi, M., Piuri, V., Sassi, R., Scotti, F.: Privacy-aware biometrics: Design and implementation of a multimodal verification system. In: Proc. of ACSAC 2008. Anaheim, CA, USA (December 2008)

    Google Scholar 

  20. Ciriani, V., De Capitani di Vimercati Sabrina, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Keep a few: Outsourcing data while maintaining confidentiality. In: Proc. of ESORICS 2009. Saint Malo, France (September 2009)

    Google Scholar 

  21. Ciriani, V., De Capitani di Vimercati Sabrina, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Combining fragmentation and encryption to protect privacy in data storage. ACM TISSEC 13(3), 22:1–22:33 (July 2010)

    Google Scholar 

  22. Damiani, E., De Capitani di Vimercati Sabrina, S., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational DBMSs. In: Proc. of CCS 2003. Washington, DC, USA (October 2003)

    Google Scholar 

  23. De Capitani di Vimercati Sabrina, S., Foresti, S., Jajodia, S., Livraga, G. Paraboschi, S., Samarati, P.: Enforcing Dynamic Write Privileges in Data Outsourcing. COSE 39(A), 47–63 (November 2013)

    Google Scholar 

  24. De Capitani di Vimercati Sabrina, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Encryption policies for regulating access to outsourced data. ACM TODS 35(2), 12:1–12:46 (April 2010)

    Google Scholar 

  25. De Capitani di Vimercati Sabrina, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Fragments and loose associations: Respecting privacy in data publishing. PVLDB 3(1), 1370–1381 (September 2010)

    Google Scholar 

  26. De Capitani di Vimercati Sabrina, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Authorization enforcement in distributed query evaluation. JCS 19(4), 751–794 (2011)

    Google Scholar 

  27. De Capitani di Vimercati Sabrina, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Private data indexes for selective access to outsourced data. In: Proc. of WPES 2011. Chicago, IL, USA (October 2011)

    Google Scholar 

  28. De Capitani di Vimercati Sabrina, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: On information leakage by indexes over data fragments. In: Proc. of PrivDB 2013. Brisbane, Australia (April 2013)

    Google Scholar 

  29. De Capitani di Vimercati Sabrina, S., Foresti, S., Paraboschi, S., Pelosi, G., Samarati, P.: Efficient and private access to outsourced data. In: Proc. of ICDCS 2011. Minneapolis, MN, USA (June 2011)

    Google Scholar 

  30. De Capitani di Vimercati Sabrina, S., Foresti, S., Paraboschi, S., Pelosi, G., Samarati, P.: Supporting concurrency in private data outsourcing. In: Proc. of ESORICS 2011. Leuven, Belgium (September 2011)

    Google Scholar 

  31. De Capitani di Vimercati Sabrina, S., Foresti, S., Samarati, P.: Protecting data in outsourcing scenarios. In: Das, S., Kant, K., Zhang, N. (eds.) Handbook on Securing Cyber-Physical Critical Infrastructure. Morgan Kaufmann (2012)

    Google Scholar 

  32. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proc. of STOC 2009. Bethesda, MA, USA (May 2009)

    Google Scholar 

  33. Goodrich, M., Mitzenmacher, M., Ohrimenko, O., Tamassia, R.: Privacy-preserving group data access via stateless Oblivious RAM simulation. In: Proc. of SODA 2012. Kyoto, Japan (January 2012)

    Google Scholar 

  34. Hacigümüs, H., Iyer, B., Mehrotra, S.: Providing database as a service. In: Proc. of ICDE 2002. San Jose, CA, USA (February 2002)

    Google Scholar 

  35. Hacigümüs, H., Iyer, B., Mehrotra, S.: Ensuring integrity of encrypted databases in database as a service model. In: Proc. of DBSec 2003. Estes Park, CO, USA (August 2003)

    Google Scholar 

  36. Hacigümüs, H., Iyer, B., Mehrotra, S.: Efficient execution of aggregation queries over encrypted relational databases. In: Proc. of DASFAA 2004. Jeju Island, Korea (March 2004)

    Google Scholar 

  37. Hacigümüs, H., Iyer, B., Mehrotra, S., Li, C.: Executing SQL over encrypted data in the database-service-provider model. In: Proc. of SIGMOD 2002. Madison, WI, USA (June 2002)

    Google Scholar 

  38. Jhawar, R., Piuri, V.: Fault tolerance management in IaaS clouds. In: Proc. of ESTEL 2012. Rome, Italy (October 2012)

    Google Scholar 

  39. Jhawar, R., Piuri, V., Samarati, P.: Supporting security requirements for resource management in cloud computing. In: Proc. of CSE 2012. Paphos, Cyprus (December 2012)

    Google Scholar 

  40. Kärger, P., Olmedilla, D., Balke, W.T.: Exploiting preferences for minimal credential disclosure in policy-driven trust negotiations. In: Proc. of SDM 2008. Auckland, New Zealand (August 2008)

    Google Scholar 

  41. Li, F., Hadjieleftheriou, M., Kollios, G., Reyzin, L.: Dynamic authenticated index structures for outsourced databases. In: Proc. of SIGMOD 2006. Chicago, IL, USA (June 2006)

    Google Scholar 

  42. Miklau, G., Suciu, D.: Controlling access to published data using cryptography. In: Proc. of VLDB 2003. Berlin, Germany (September 2003)

    Google Scholar 

  43. Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and integrity in outsourced databases. ACM TOS 2(2), 107–138 (May 2006)

    Google Scholar 

  44. Samarati, P., De Capitani di Vimercati Sabrina, S.: Data protection in outsourcing scenarios: Issues and directions. In: Proc. of ASIACCS 2010. Beijing, China (April 2010)

    Google Scholar 

  45. Wang, H., Lakshmanan, L.: Efficient secure query evaluation over encrypted XML databases. In: Proc. of VLDB 2006. Seoul, Korea (September 2006)

    Google Scholar 

  46. Wang, H., Yin, J., Perng, C., Yu, P.: Dual encryption for query integrity assurance. In: Proc. of CIKM 2008. Napa Valley, CA, USA (October 2008)

    Google Scholar 

  47. Williams, P., Sion, R.: Single round access privacy on outsourced storage. In: Proc. of CCS 2012. Raleigh, NC, USA (October 2012)

    Google Scholar 

  48. Williams, P., Sion, R., Carbunar, B.: Building castles out of mud: Practical access pattern privacy and correctness on untrusted storage. In: Proc. of CCS 2008. Alexandria, VA, USA (October 2008)

    Google Scholar 

  49. Wong, C., Gouda, M., Lam, S.: Secure group communications using key graphs. IEEE/ACM TON 8(1), 16–30 (February 2000)

    Article  Google Scholar 

  50. Xie, M., Wang, H., Yin, J., Meng, X.: Integrity auditing of outsourced data. In: Proc. of VLDB 2007. Vienna, Austria (September 2007)

    Google Scholar 

  51. Xie, M., Wang, H., Yin, J., Meng, X.: Providing freshness guarantees for outsourced databases. In: Proc. of EDBT 2008. Nantes, France (March 2008)

    Google Scholar 

  52. Yang, Y., Papadias, D., Papadopoulos, S., Kalnis, P.: Authenticated join processing in outsourced databases. In: Proc. of SIGMOD 2009. Providence, RI, USA (June-July 2009)

    Google Scholar 

  53. Yao, D., Frikken, K., Atallah, M., Tamassia, R.: Private information: To reveal or not to reveal. ACM TISSEC 12(1), 1–27 (October 2008)

    Article  Google Scholar 

Download references

Acknowledgements

The chapter is based on joint work with Sushil Jajodia and Stefano Paraboschi. This work was supported in part by the Italian Ministry of Research within PRIN 2010–2011 project “GenData 2020” (2010RTFWBH), and by Google under the Google Research Award program.

Author information

Authors and Affiliations

  1. Università degli Studi di Milano – Dipartimento di Informatica, Via Bramante 65, 26013, Crema, Italy

    Sabrina De Capitani di Vimercati, Sara Foresti & Pierangela Samarati

Authors
  1. Sabrina De Capitani di Vimercati
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sara Foresti
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pierangela Samarati
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pierangela Samarati .

Editor information

Editors and Affiliations

  1. Center for Secure Information Systems, George Mason University, Fairfax, Virginia, USA

    Sushil Jajodia

  2. Center for Secure Information Systems, George Mason University, Fairfax, Virginia, USA

    Krishna Kant

  3. University of Milan, Crema, Italy

    Pierangela Samarati

  4. Computer Security Division, National Institute of Standards and Technology (NIST), Gaithersburg, Maryland, USA

    Anoop Singhal

  5. The MITRE Corporation, McLean, Virginia, USA

    Vipin Swarup

  6. Computing and Information Science Division, Information Sciences Directorate, Triangle Park, North Carolina, USA

    Cliff Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer Science+Business Media New York

About this chapter

Cite this chapter

di Vimercati, S.D.C., Foresti, S., Samarati, P. (2014). Selective and Fine-Grained Access to Data in the Cloud. In: Jajodia, S., Kant, K., Samarati, P., Singhal, A., Swarup, V., Wang, C. (eds) Secure Cloud Computing. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-9278-8_6

Download citation

  • DOI: https://doi.org/10.1007/978-1-4614-9278-8_6

  • Published:

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-9277-1

  • Online ISBN: 978-1-4614-9278-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation