Enforcing Multi-user Access Policies to Encrypted Cloud Databases

• Published in: 2011 International Symposium on Policies for Distributed Systems and Networks pp. 175 - 177
• Main Authors: Ion, M., Russello, G., Crispo, B.
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.06.2011
• Subjects: access control; cloud computing; Encryption; Keyword search; Logic gates; policy; Servers
• ISBN: 1424498791; 9781424498796
• DOI: 10.1109/POLICY.2011.14

Cloud computing has the advantage that it offers companies (virtually) unlimited data storage at attractive costs. However, it also introduces new challenges for protecting the confidentiality of the data, and the access to the data. Sensitive data like medical records, business or governmental data cannot be stored unencrypted on the cloud. Moreover, they can be of interest to many users and different policies could apply to each. Companies need new mechanisms to query the encrypted data without revealing anything to the cloud server, and to enforce access policies to the data. Current security schemes do not allow complex encrypted queries over encrypted data in a multi-user setting. Instead, they are limited to keyword searches. Moreover, current solutions assume that all users have the same access rights to the data. This demo shows the implementation of a scheme that allows making SQL-like queries on encrypted databases in a multi-user setting, while at the same time allowing the database owner to assign different access rights to users.