Enforcing Dynamic Read and Write Privileges

  • Giovanni Livraga
Part of the Advances in Information Security book series (ADIS, volume 57)


As illustrated in Chap. 1 of this book, users and companies increasingly resort to external providers for storing their data and making them available to others. When the release is selective, meaning that the data owner authorizes different users to access different portions of the released data, the problem is to ensure that access to resources is allowed to authorized users only. Recent approaches based on selective encryption provide convenient enforcement of read privileges over outsourced resources, but are not directly applicable to supporting write privileges. In addition, they cannot easily support the enforcement of a subscription-based authorization policy where, due to new subscriptions and the publication of new resources, both the set of users who can access a resource and the set of resources change frequently over time. In this chapter, we build upon the selective encryption approach to propose an efficient solution for enforcing dynamic read and write privileges over outsourced data. We also define an effective mechanism for checking data integrity. Finally, we enhance our solution to effectively support the definition of subscription-based authorizations.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Giovanni Livraga
  1. Università degli Studi di Milano, Crema, Italy
