Affiliations: [a] Dipartimento di Informatica, Università degli Studi di Milano, Italy. E-mails: [email protected], [email protected], [email protected] | [b] Dipartimento di Ingegneria Gestionale, dell’Informazione e della Produzione, Università degli Studi di Bergamo, Italy. E-mail: [email protected] | [c] Dipartimento di Elettronica, Informazione e Bioingegneria, Politecnico di Milano, Italy. E-mail: [email protected]
Note: [1] A preliminary version of this paper appeared under the title “Access Control for the Shuffle Index,” in: Proc. of the 30th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2016), Trento, Italy, July 2016 [12].
Abstract: Cloud computing is the reference paradigm to provide data storage and management in a convenient and scalable manner. However, moving data to the cloud raises several issues, including the confidentiality of data and of accesses that are no more under the direct control of the data owner. The shuffle index has been proposed as a solution for addressing these issues when data are stored at an external third party. In this paper, we extend the shuffle index with support for access control, that is, for enforcing authorizations on data. Our approach is based on the use of selective encryption and on the organization of data and authorizations in two shuffle indexes. Owners regulate access to their data through authorizations that allow different users to access different portions of the data, while, at the same time, the confidentiality of accesses is guaranteed. The proposed approach also supports update operations over the outsourced data collection (i.e., insertion, removal, and update) as well as of the access control policy (i.e., grant and revoke). Also, our approach protects the nature of each access operation, making revoke operations and resource removal operations indistinguishable by the storing server and/or observing users.
Keywords: Shuffle index, access control, data confidentiality, access confidentiality
