{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T06:19:35Z","timestamp":1775283575445,"version":"3.50.1"},"reference-count":32,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2009,9,1]],"date-time":"2009-09-01T00:00:00Z","timestamp":1251763200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Web"],"published-print":{"date-parts":[[2009,9]]},"abstract":"<jats:p>\n            With fast-paced growth of digital data and exploding storage management costs, enterprises are looking for new ways to effectively manage their data. One such cost-effective paradigm is the cloud storage model also referred to as Storage-as-a-Service, in which enterprises\n            <jats:italic>outsource<\/jats:italic>\n            their storage to a storage service provider (SSP) by storing data (usually encrypted) at a remote SSP-managed site and accessing it over a high speed network. Along with storage capacity used, the SSP often charges clients on the amount of data that is accessed from the SSP site. Thus, it is in the interest of the client enterprise to download only\n            <jats:italic>relevant<\/jats:italic>\n            content. This makes search over outsourced storage an important capability. Searching over encrypted outsourced storage, however, is a complex challenge. Each enterprise has different access privileges for different users and this access control needs to be preserved during search (for example, ensuring that a user cannot search through data that is inaccessible from the filesystem due to its permissions). Secondly, the search mechanism has to preserve confidentiality from the SSP and indices can not be stored in plain text.\n          <\/jats:p>\n          <jats:p>\n            In this article, we present a new filesystem search technique that integrates access control and indexing\/search mechanisms into a unified framework to support access control aware search. Our approach performs indexing within the trusted enterprise domain and uses a novel access control barrel (ACB) primitive to encapsulate access control within these indices. The indices are then systematically encrypted and shipped to the SSP for hosting. Unlike existing enterprise search techniques, our approach is resilient to various common attacks that leak private information. Additionally, to the best of our knowledge, our approach is a first such technique that allows search indices to be hosted at the SSP site, thus effectively providing\n            <jats:italic>search-as-a-service<\/jats:italic>\n            . This does not require the client enterprise to fully trust the SSP for data confidentiality. We describe the architecture and implementation of our approach and a detailed experimental analysis comparing with other approaches.\n          <\/jats:p>","DOI":"10.1145\/1594173.1594175","type":"journal-article","created":{"date-parts":[[2009,9,22]],"date-time":"2009-09-22T14:09:47Z","timestamp":1253628587000},"page":"1-33","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":26,"title":["Search-as-a-service"],"prefix":"10.1145","volume":"3","author":[{"given":"Aameek","family":"Singh","sequence":"first","affiliation":[{"name":"IBM Almaden Research Center, San Jose, CA"}]},{"given":"Mudhakar","family":"Srivatsa","sequence":"additional","affiliation":[{"name":"IBM T. J. Watson Research Center"}]},{"given":"Ling","family":"Liu","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology"}]}],"member":"320","published-online":{"date-parts":[[2009,9,24]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"http:\/\/aws.amazon.com\/s3. (Accessed","author":"Amazon Simple Storage Service","year":"2009","unstructured":"Amazon Simple Storage Service . http:\/\/aws.amazon.com\/s3. (Accessed May 2009 ). Amazon Simple Storage Service. http:\/\/aws.amazon.com\/s3. (Accessed May 2009)."},{"key":"e_1_2_1_2_1","volume-title":"Proceedings of the International Conference on Very Large Databases (VLDB).","author":"Bawa M.","unstructured":"Bawa , M. , Bayardo , R. , and Agarwal , R . 2003. Privacy-preserving indexing of documents on the network . In Proceedings of the International Conference on Very Large Databases (VLDB). Bawa, M., Bayardo, R., and Agarwal, R. 2003. Privacy-preserving indexing of documents on the network. In Proceedings of the International Conference on Very Large Databases (VLDB)."},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the International Cryptology Conference (EUROCRYPT).","author":"Boneh D.","unstructured":"Boneh , D. , Crescenzo , G. , Ostrovsky , R. , and Persiano , G . 2004. Public key encryption with keyword search . In Proceedings of the International Cryptology Conference (EUROCRYPT). Boneh, D., Crescenzo, G., Ostrovsky, R., and Persiano, G. 2004. Public key encryption with keyword search. In Proceedings of the International Cryptology Conference (EUROCRYPT)."},{"key":"e_1_2_1_4_1","volume-title":"Are you ready to outsource your storage&quest","author":"Brick F.","unstructured":"Brick , F. 2003. Are you ready to outsource your storage&quest ; Computer Technology Review . Brick, F. 2003. Are you ready to outsource your storage&quest; Computer Technology Review."},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the USENIX Conference on File and Storage Technologies (FAST).","author":"B\u00fcttcher S.","unstructured":"B\u00fcttcher , S. and Clarke , C . 2005. A security model for full-text file system search in multi-user environments . In Proceedings of the USENIX Conference on File and Storage Technologies (FAST). B\u00fcttcher, S. and Clarke, C. 2005. A security model for full-text file system search in multi-user environments. In Proceedings of the USENIX Conference on File and Storage Technologies (FAST)."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/11496137_30"},{"key":"e_1_2_1_7_1","volume-title":"Proceedings of the IEEE Symposium on Foundations of Computer Science (FOCS).","author":"Chor B.","unstructured":"Chor , B. , Goldreich , O. , Kushilevitz , E. , and Sudan , M . 1995. Private information retrieval . In Proceedings of the IEEE Symposium on Foundations of Computer Science (FOCS). Chor, B., Goldreich, O., Kushilevitz, E., and Sudan, M. 1995. Private information retrieval. In Proceedings of the IEEE Symposium on Foundations of Computer Science (FOCS)."},{"key":"e_1_2_1_8_1","volume-title":"http:\/\/www.coveo.com. (Accessed","author":"Coveo Enterprise Search","year":"2009","unstructured":"Coveo Enterprise Search . http:\/\/www.coveo.com. (Accessed May 2009 ). Coveo Enterprise Search. http:\/\/www.coveo.com. (Accessed May 2009)."},{"key":"e_1_2_1_9_1","volume-title":"http:\/\/www.gartner.com. (Accessed","author":"Gartner Group","year":"2009","unstructured":"Gartner Group . http:\/\/www.gartner.com. (Accessed May 2009 ). Gartner Group. http:\/\/www.gartner.com. (Accessed May 2009)."},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS).","author":"Goh E.","unstructured":"Goh , E. , Shacham , H. , Modadugu , N. , and Boneh , D . 2003. SiRiUS: Securing remote untrusted storage . In Proceedings of the Network and Distributed System Security Symposium (NDSS). Goh, E., Shacham, H., Modadugu, N., and Boneh, D. 2003. SiRiUS: Securing remote untrusted storage. In Proceedings of the Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_2_1_11_1","volume-title":"http:\/\/desktop.google.com. (Accessed","author":"Google Desktop","year":"2009","unstructured":"Google Desktop . http:\/\/desktop.google.com. (Accessed May 2009 ). Google Desktop. http:\/\/desktop.google.com. (Accessed May 2009)."},{"key":"e_1_2_1_12_1","volume-title":"http:\/\/www.google.com\/enterprise. (Accessed","author":"Google Enterprise Search","year":"2009","unstructured":"Google Enterprise Search . http:\/\/www.google.com\/enterprise. (Accessed May 2009 ). Google Enterprise Search. http:\/\/www.google.com\/enterprise. (Accessed May 2009)."},{"key":"e_1_2_1_13_1","unstructured":"Grunbacher A. and Nuremberg A. POSIX Access Control Lists on Linux. http:\/\/www.suse.de\/~agruen\/acl\/linux-acls\/online. (Accessed May 2009).  Grunbacher A. and Nuremberg A. POSIX Access Control Lists on Linux. http:\/\/www.suse.de\/~agruen\/acl\/linux-acls\/online. (Accessed May 2009)."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/564691.564717"},{"key":"e_1_2_1_15_1","unstructured":"He D. Cleaned W3C Subcollections. http:\/\/www.sis.pitt.edu\/~daqing\/w3c-cleaned.html. (Accessed May 2009).  He D. Cleaned W3C Subcollections. http:\/\/www.sis.pitt.edu\/~daqing\/w3c-cleaned.html. (Accessed May 2009)."},{"key":"e_1_2_1_16_1","volume-title":"http:\/\/www-935.ibm.com\/services\/us\/index.wss\/offerfamily\/bcrs\/a1026934. (Accessed","author":"Ibm Protection Services","year":"2009","unstructured":"Ibm Protection Services . http:\/\/www-935.ibm.com\/services\/us\/index.wss\/offerfamily\/bcrs\/a1026934. (Accessed May 2009 ). Ibm Protection Services. http:\/\/www-935.ibm.com\/services\/us\/index.wss\/offerfamily\/bcrs\/a1026934. (Accessed May 2009)."},{"key":"e_1_2_1_17_1","volume-title":"http:\/\/www.indexengines.com\/product_enterprise_search_appliance.htm. (Accessed","author":"Index Engines Enterprise Search","year":"2009","unstructured":"Index Engines Enterprise Search . http:\/\/www.indexengines.com\/product_enterprise_search_appliance.htm. (Accessed May 2009 ). Index Engines Enterprise Search. http:\/\/www.indexengines.com\/product_enterprise_search_appliance.htm. (Accessed May 2009)."},{"key":"e_1_2_1_18_1","volume-title":"Proceedings of the USENIX Conference on File and Storage Technologies (FAST).","author":"Kallahalla M.","unstructured":"Kallahalla , M. , Riedel , E. , Swaminathan , R. , Wang , Q. , and Fu , K . 2003. Plutus: Scalable secure file sharing on untrusted storage . In Proceedings of the USENIX Conference on File and Storage Technologies (FAST). Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., and Fu, K. 2003. Plutus: Scalable secure file sharing on untrusted storage. In Proceedings of the USENIX Conference on File and Storage Technologies (FAST)."},{"key":"e_1_2_1_19_1","unstructured":"Krawczyk H. Bellare M. and Canetti R. HMAC: Keyed-hashing for message authentication. http:\/\/www.faqs.org\/rfcs\/rfc2104.html. (Accessed May 2009).  Krawczyk H. Bellare M. and Canetti R. HMAC: Keyed-hashing for message authentication. http:\/\/www.faqs.org\/rfcs\/rfc2104.html. (Accessed May 2009)."},{"key":"e_1_2_1_20_1","volume-title":"Proceedings of the International Conference on Distributed Computing Systems (ICDCS).","author":"Kretser O.","unstructured":"Kretser , O. , Moffat , A. , Shimmin , T. , and Zobel , J . 1998. Methodologies for distributed information retrieval . In Proceedings of the International Conference on Distributed Computing Systems (ICDCS). Kretser, O., Moffat, A., Shimmin, T., and Zobel, J. 1998. Methodologies for distributed information retrieval. In Proceedings of the International Conference on Distributed Computing Systems (ICDCS)."},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI).","author":"Li J.","unstructured":"Li , J. , Krohn , M. , and Mazieres , D . 2004. Secure untrusted data repository SUNDR . In Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI). Li, J., Krohn, M., and Mazieres, D. 2004. Secure untrusted data repository SUNDR. In Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI)."},{"key":"e_1_2_1_22_1","unstructured":"Linux Manual Pages. man command-name.  Linux Manual Pages. man command-name."},{"key":"e_1_2_1_23_1","unstructured":"McCallum A. Bow: A toolkit for statistical language modeling text retrieval classification and clustering. http:\/\/www.cs.cmu.edu\/~mccallum\/bow. (Accessed May 2009).  McCallum A. Bow: A toolkit for statistical language modeling text retrieval classification and clustering. http:\/\/www.cs.cmu.edu\/~mccallum\/bow. (Accessed May 2009)."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/361011.361061"},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the Text Retrieval Conference (TREC).","author":"Robertson S.","unstructured":"Robertson , S. , Walker , S. , and Beaulieu , M . 1998. Okapi at trec-7: Automatic ad hoc, filtering, vlc and interactive . In Proceedings of the Text Retrieval Conference (TREC). Robertson, S., Walker, S., and Beaulieu, M. 1998. Okapi at trec-7: Automatic ad hoc, filtering, vlc and interactive. In Proceedings of the Text Retrieval Conference (TREC)."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2008.4497508"},{"key":"e_1_2_1_27_1","volume-title":"Proceedings of the IEEE International Conference on Web Services (ICWS).","author":"Singh A.","unstructured":"Singh , A. , Srivatsa , M. , and Liu , L . 2007. Efficient and Secure Search of Enterprise File Sytems . Proceedings of the IEEE International Conference on Web Services (ICWS). Singh, A., Srivatsa, M., and Liu, L. 2007. Efficient and Secure Search of Enterprise File Sytems. Proceedings of the IEEE International Conference on Web Services (ICWS)."},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the IEEE Security and Privacy Symposium.","author":"Song D.","unstructured":"Song , D. , Wagner , D. , and Perrig , A . 2000. Practical techniques for searches over encrypted data . In Proceedings of the IEEE Security and Privacy Symposium. Song, D., Wagner, D., and Perrig, A. 2000. Practical techniques for searches over encrypted data. In Proceedings of the IEEE Security and Privacy Symposium."},{"key":"e_1_2_1_29_1","volume-title":"http:\/\/www.sun.com\/solutions\/cloudcomputing\/index.jsp. (Accessed","author":"Grid","year":"2009","unstructured":"SUN Grid . http:\/\/www.sun.com\/solutions\/cloudcomputing\/index.jsp. (Accessed May 2009 ). SUN Grid. http:\/\/www.sun.com\/solutions\/cloudcomputing\/index.jsp. (Accessed May 2009)."},{"key":"e_1_2_1_30_1","volume-title":"http:\/\/www.ins.cwi.nl\/projects\/trec-ent. (Accessed","author":"Enterprise Track","year":"2009","unstructured":"TREC Enterprise Track . http:\/\/www.ins.cwi.nl\/projects\/trec-ent. (Accessed May 2009 ). TREC Enterprise Track. http:\/\/www.ins.cwi.nl\/projects\/trec-ent. (Accessed May 2009)."},{"key":"e_1_2_1_31_1","unstructured":"Windows Desktop Search for Enterprise.http:\/\/www.microsoft.com\/windows\/desktopsearch. (Accessed May 2009).  Windows Desktop Search for Enterprise.http:\/\/www.microsoft.com\/windows\/desktopsearch. (Accessed May 2009)."},{"key":"e_1_2_1_32_1","volume-title":"Managing Gigabytes: Compressing and Indexing Documents and Images. Morgan Kaufmann.","author":"Witten I.","year":"1999","unstructured":"Witten , I. , Moffat , A. , and Bell , T. C . 1999 . Managing Gigabytes: Compressing and Indexing Documents and Images. Morgan Kaufmann. Witten, I., Moffat, A., and Bell, T. C. 1999. Managing Gigabytes: Compressing and Indexing Documents and Images. Morgan Kaufmann."}],"container-title":["ACM Transactions on the Web"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1594173.1594175","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1594173.1594175","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:56:27Z","timestamp":1750254987000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1594173.1594175"}},"subtitle":["Outsourced search over outsourced storage"],"short-title":[],"issued":{"date-parts":[[2009,9]]},"references-count":32,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2009,9]]}},"alternative-id":["10.1145\/1594173.1594175"],"URL":"https:\/\/doi.org\/10.1145\/1594173.1594175","relation":{},"ISSN":["1559-1131","1559-114X"],"issn-type":[{"value":"1559-1131","type":"print"},{"value":"1559-114X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009,9]]},"assertion":[{"value":"2007-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2009-05-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2009-09-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}