Paper 2013/277

ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments

Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo

Abstract

The enforcement of security policies in outsourced environments is still an open challenge for policy-based systems. On the one hand, taking the appropriate security decision requires access to the policies. On the other hand, if such access is allowed in an untrusted environment, then confidential information might be leaked by the policies. Current solutions are based on cryptographic operations that embed security policies with the security mechanism. Therefore, the enforcement of such policies is performed by allowing the authorised parties to access the appropriate keys. We believe that such solutions are far too rigid because they strictly intertwine authorisation policies with the enforcing mechanism. In this paper, we want to address the issue of enforcing security policies in an untrusted environment while protecting the policy confidentiality. Our solution, ESPOON, aims to provide a clear separation between security policies and the enforcement mechanism. However, the enforcement mechanism should learn as little as possible about both the policies and the requester attributes.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. The final version of this paper has been published at ARES 2011
Keywords
Encrypted Policies, Sensitive Policy Evaluation, Data Outsourcing, Cloud Computing, Privacy, Security
Contact author(s)
asghar @ disi unitn it
History
2013-05-16: received
Short URL
https://ia.cr/2013/277
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/277,
      author = {Muhammad Rizwan Asghar and Mihaela Ion and Giovanni Russello and Bruno Crispo},
      title = {{ESPOON}: Enforcing Encrypted Security Policies in Outsourced Environments},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/277},
      year = {2013},
      url = {https://eprint.iacr.org/2013/277}
}