Distributed query execution under access restrictions

• Published in: Computers & security Vol. 127; p. 103056
• Main Authors: De Capitani di Vimercati, Sabrina, Foresti, Sara, Jajodia, Sushil, Livraga, Giovanni, Paraboschi, Stefano, Samarati, Pierangela
• Format: Journal Article
• Language: English
• Published: Elsevier Ltd 01.04.2023
• Subjects: Authorization model; Cloud computing; Controlled data sharing; Distributed query execution; Relation profile; Cloud computing; Authorization model; Relation profile; Controlled data sharing; Distributed query execution
• ISSN: 0167-4048
• DOI: 10.1016/j.cose.2022.103056

The availability of a multitude of data sources has naturally increased the need for subjects to collaborate for supporting distributed computations that combine different data collections for their elaboration and analysis. Due to the quick pace at which datasets grow, often the authorities collecting and owning such datasets resort to external third parties (e.g., cloud providers) for their storage and management. Data under the control of different authorities are autonomously encrypted (using different encryption schemes and keys) for their external storage. This makes distributed computations combining these sources difficult to support. In this paper, we propose an approach enabling collaborative computations over data encrypted in storage, selectively involving also subjects that might not be authorized for accessing the data in plaintext when their collaboration is considered economically convenient. We also consider the possible adoption of trusted hardware components, to enable the evaluation of operations over plaintext data at non-fully trusted computational providers. The experimental results confirm the economic benefits that can be enabled by our proposal.