{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,12]],"date-time":"2025-09-12T19:46:10Z","timestamp":1757706370353,"version":"3.41.0"},"reference-count":40,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2010,4,1]],"date-time":"2010-04-01T00:00:00Z","timestamp":1270080000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100004963","name":"Seventh Framework Programme","doi-asserted-by":"publisher","award":["216483"],"award-info":[{"award-number":["216483"]}],"id":[{"id":"10.13039\/501100004963","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["W911NF-09-01-0352"],"award-info":[{"award-number":["W911NF-09-01-0352"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000181","name":"Air Force Office of Scientific Research","doi-asserted-by":"publisher","award":["FA9550-07-1-0527FA9550-09-1-0421FA9550-08-1-0157"],"award-info":[{"award-number":["FA9550-07-1-0527FA9550-09-1-0421FA9550-08-1-0157"]}],"id":[{"id":"10.13039\/100000181","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CT-20013ACT-0716567CT-0716323CT-0627493"],"award-info":[{"award-number":["CT-20013ACT-0716567CT-0716323CT-0627493"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Database Syst."],"published-print":{"date-parts":[[2010,4]]},"abstract":"<jats:p>\n            Current access control models typically assume that resources are under the strict custody of a trusted party which monitors each access request to verify if it is compliant with the specified access control policy. There are many scenarios where this approach is becoming no longer adequate. Many clear trends in Web technology are creating a need for owners of sensitive information to manage access to it by legitimate users using the services of\n            <jats:italic>honest but curious<\/jats:italic>\n            third parties, that is, parties trusted with providing the required service but not authorized to read the actual data content. In this scenario, the data owner encrypts the data before outsourcing and stores them at the server. Only the data owner and users with knowledge of the key will be able to decrypt the data. Possible access authorizations are to be enforced by the owner. In this article, we address the problem of enforcing selective access on outsourced data without need of involving the owner in the access control process. The solution puts forward a novel approach that combines cryptography with authorizations, thus enforcing access control via\n            <jats:italic>selective encryption<\/jats:italic>\n            . The article presents a formal model for access control management and illustrates how an authorization policy can be translated into an equivalent encryption policy while minimizing the amount of keys and cryptographic tokens to be managed. The article also introduces a two-layer encryption approach that allows the data owner to outsource, besides the data, the complete management of the authorization policy itself, thus providing efficiency and scalability in dealing with policy updates. We also discuss experimental results showing that our approach is able to efficiently manage complex scenarios.\n          <\/jats:p>","DOI":"10.1145\/1735886.1735891","type":"journal-article","created":{"date-parts":[[2010,5,4]],"date-time":"2010-05-04T14:14:06Z","timestamp":1272982446000},"page":"1-46","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":81,"title":["Encryption policies for regulating access to outsourced data"],"prefix":"10.1145","volume":"35","author":[{"given":"Sabrina De Capitani Di","family":"Vimercati","sequence":"first","affiliation":[{"name":"Universit\u00e0 degli Studi di Milano, Crema, Italy"}]},{"given":"Sara","family":"Foresti","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Milano, Crema, Italy"}]},{"given":"Sushil","family":"Jajodia","sequence":"additional","affiliation":[{"name":"George Mason University, Fairfax, VA"}]},{"given":"Stefano","family":"Paraboschi","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Bergamo, Dalmine, Italy"}]},{"given":"Pierangela","family":"Samarati","sequence":"additional","affiliation":[{"name":"Universit\u00e0 degli Studi di Milano, Crema, Italy"}]}],"member":"320","published-online":{"date-parts":[[2010,5,3]]},"reference":[{"volume-title":"Proceedings of the Conference on Innovative Data Systems Research (CIDR'05)","author":"Aggarwal G.","unstructured":"Aggarwal , G. , Bawa , M. , Ganesan , P. , Garcia-Molina , H. , Kenthapadi , K. , Motwani , R. , Srivastava , U. , Thomas , D. , and Xu , Y . 2005. Two can keep a secret: A distributed architecture for secure database services . In Proceedings of the Conference on Innovative Data Systems Research (CIDR'05) . VLDB Endowment, 186--199. Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., and Xu, Y. 2005. Two can keep a secret: A distributed architecture for secure database services. In Proceedings of the Conference on Innovative Data Systems Research (CIDR'05). VLDB Endowment, 186--199.","key":"e_1_2_2_1_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_2_1","DOI":"10.1145\/1007568.1007632"},{"doi-asserted-by":"publisher","key":"e_1_2_2_3_1","DOI":"10.1145\/357369.357372"},{"doi-asserted-by":"publisher","key":"e_1_2_2_4_1","DOI":"10.1145\/1102120.1102147"},{"doi-asserted-by":"publisher","key":"e_1_2_2_5_1","DOI":"10.1145\/1180405.1180441"},{"volume-title":"Proceedings of the International Conference on Very Large Databases (VLDB'97)","author":"Baralis E.","unstructured":"Baralis , E. , Paraboschi , S. , and Teniente , E . 1997. Materialized views selection in a multidimensional database . In Proceedings of the International Conference on Very Large Databases (VLDB'97) . Morgan Kaufmann, San Francisco, CA,156--165. Baralis, E., Paraboschi, S., and Teniente, E. 1997. Materialized views selection in a multidimensional database. In Proceedings of the International Conference on Very Large Databases (VLDB'97). Morgan Kaufmann, San Francisco, CA,156--165.","key":"e_1_2_2_6_1"},{"volume-title":"Proceedings of the International Conference on Very Large Databases (VLDB'02)","author":"Bouganim L.","unstructured":"Bouganim , L. and Pucheral , P . 2002. Chip-Secured data access: Confidential data on untrusted servers . In Proceedings of the International Conference on Very Large Databases (VLDB'02) . VLDB Endowment, 131--142. Bouganim, L. and Pucheral, P. 2002. Chip-Secured data access: Confidential data on untrusted servers. In Proceedings of the International Conference on Very Large Databases (VLDB'02). VLDB Endowment, 131--142.","key":"e_1_2_2_7_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_8_1","DOI":"10.1145\/1053283.1053289"},{"doi-asserted-by":"publisher","key":"e_1_2_2_9_1","DOI":"10.1145\/293347.293350"},{"key":"e_1_2_2_10_1","volume-title":"S., Foresti, S., Jajodia, S., Paraboschi, S.","author":"Ciriani V.","year":"2007","unstructured":"Ciriani , V. , De Capitani di Vimercati , S., Foresti, S., Jajodia, S., Paraboschi, S. , and Samarati, P. 2007 . Fragmentation and encryption to enforce privacy in data storage. In Proceedings of the European Symposium on Research in Computer Security (ESORICS'07). Springer , 225--239. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., and Samarati, P. 2007. Fragmentation and encryption to enforce privacy in data storage. In Proceedings of the European Symposium on Research in Computer Security (ESORICS'07). Springer, 225--239."},{"doi-asserted-by":"publisher","key":"e_1_2_2_11_1","DOI":"10.14778\/1453856.1453947"},{"doi-asserted-by":"publisher","key":"e_1_2_2_12_1","DOI":"10.1109\/CSFW.2006.20"},{"key":"e_1_2_2_13_1","volume-title":"S., Foresti, S., Jajodia, S., Paraboschi, S.","author":"Damiani E.","year":"2007","unstructured":"Damiani , E. , De Capitani di Vimercati , S., Foresti, S., Jajodia, S., Paraboschi, S. , and Samarati, P. 2007 . An experimental evaluation of multi-key strategies for data outsourcing. In Proceedings of the IFIP International Conference on Information Security (SEC'07). Springer , 385--396. Damiani, E., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., and Samarati, P. 2007. An experimental evaluation of multi-key strategies for data outsourcing. In Proceedings of the IFIP International Conference on Information Security (SEC'07). Springer, 385--396."},{"unstructured":"The DBLP Computer Science Bibliography. The DBLP computer science bibliography. http:\/\/dblp.uni-trier.de.  The DBLP Computer Science Bibliography. The DBLP computer science bibliography. http:\/\/dblp.uni-trier.de.","key":"e_1_2_2_14_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_15_1","DOI":"10.1145\/1456403.1456417"},{"volume-title":"Proceedings of the International Conference on Very Large Databases (VLDB'07)","author":"De Capitani","unstructured":"De Capitani di Vimercati, S., Foresti , S. , Jajodia , S. , Paraboschi , S. , and Samarati , P . 2007. Over-Encryption: Management of access control evolution on outsourced data . In Proceedings of the International Conference on Very Large Databases (VLDB'07) . VLDB Endowment, 123--134. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., and Samarati, P. 2007. Over-Encryption: Management of access control evolution on outsourced data. In Proceedings of the International Conference on Very Large Databases (VLDB'07). VLDB Endowment, 123--134.","key":"e_1_2_2_16_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_17_1","DOI":"10.1016\/j.ipl.2004.03.019"},{"doi-asserted-by":"publisher","key":"e_1_2_2_18_1","DOI":"10.1109\/TSE.1980.230489"},{"volume-title":"Proceedings of the International Conference on Data Engineering (ICDE'02)","author":"Hacig\u00fcm\u00fcs H.","unstructured":"Hacig\u00fcm\u00fcs , H. , Iyer , B. , and Mehrotra , S . 2002a. Providing database as a service . In Proceedings of the International Conference on Data Engineering (ICDE'02) . IEEE Computer Society, Washington, 29--39. Hacig\u00fcm\u00fcs, H., Iyer, B., and Mehrotra, S. 2002a. Providing database as a service. In Proceedings of the International Conference on Data Engineering (ICDE'02). IEEE Computer Society, Washington, 29--39.","key":"e_1_2_2_19_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_20_1","DOI":"10.1145\/564691.564717"},{"doi-asserted-by":"publisher","key":"e_1_2_2_21_1","DOI":"10.1016\/0167-4048(90)90132-D"},{"doi-asserted-by":"publisher","key":"e_1_2_2_22_1","DOI":"10.1016\/S0164-1212(02)00091-2"},{"volume-title":"Proceedings of the Annual IEEE Symposium on Foundations of Computer Science (FOCS'97)","author":"Kushilevitz E.","unstructured":"Kushilevitz , E. and Ostrovsky , R . 1997. Replication is not needed: Single database, computationally-private information retrieval . In Proceedings of the Annual IEEE Symposium on Foundations of Computer Science (FOCS'97) . IEEE Computer Society, Washington, 364. Kushilevitz, E. and Ostrovsky, R. 1997. Replication is not needed: Single database, computationally-private information retrieval. In Proceedings of the Annual IEEE Symposium on Foundations of Computer Science (FOCS'97). IEEE Computer Society, Washington, 364.","key":"e_1_2_2_23_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_24_1","DOI":"10.1109\/32.31371"},{"doi-asserted-by":"publisher","key":"e_1_2_2_25_1","DOI":"10.1109\/TC.1985.1676635"},{"volume-title":"Proceedings of the International Conference on Very Large Databases (VLDB'03)","author":"Miklau G.","unstructured":"Miklau , G. and Suciu , D . 2003. Controlling access to published data using cryptography . In Proceedings of the International Conference on Very Large Databases (VLDB'03) . VLDB Endowment, 898--909. Miklau, G. and Suciu, D. 2003. Controlling access to published data using cryptography. In Proceedings of the International Conference on Very Large Databases (VLDB'03). VLDB Endowment, 898--909.","key":"e_1_2_2_26_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_27_1","DOI":"10.1145\/1149976.1149977"},{"doi-asserted-by":"publisher","key":"e_1_2_2_28_1","DOI":"10.1145\/945721.945722"},{"doi-asserted-by":"publisher","key":"e_1_2_2_29_1","DOI":"10.1145\/1314333.1314345"},{"doi-asserted-by":"crossref","unstructured":"Samarati P. and De Capitani di Vimercati S. 2001. Access control: Policies models and mechanisms. In Foundations of Security Analysis and Design R. Focardi and R. Gorrieri Eds. Springer 137--196.   Samarati P. and De Capitani di Vimercati S. 2001. Access control: Policies models and mechanisms. In Foundations of Security Analysis and Design R. Focardi and R. Gorrieri Eds. Springer 137--196.","key":"e_1_2_2_30_1","DOI":"10.1007\/3-540-45608-2_3"},{"key":"e_1_2_2_31_1","volume-title":"Proceedings of the Fall Joint Computer Conference on Exploring Technology: Today and Tomorrow. IEEE Computer Society Press","author":"Sandhu R.","year":"1987","unstructured":"Sandhu , R. 1987 . On some cryptographic solutions for access control in a tree hierarchy . In Proceedings of the Fall Joint Computer Conference on Exploring Technology: Today and Tomorrow. IEEE Computer Society Press , Los Alamitos, CA, 405--410. Sandhu, R. 1987. On some cryptographic solutions for access control in a tree hierarchy. In Proceedings of the Fall Joint Computer Conference on Exploring Technology: Today and Tomorrow. IEEE Computer Society Press, Los Alamitos, CA, 405--410."},{"doi-asserted-by":"publisher","key":"e_1_2_2_32_1","DOI":"10.1016\/0020-0190(88)90099-3"},{"volume-title":"Proceedings of the ACM Symposium on Applied Computing (SAC'98)","author":"Schneier B.","unstructured":"Schneier , B. , Kelsey , J. , Whiting , D. , Wagner , D. , Hall , C. , and Ferguson , N . 1998. On the twofish key schedule . In Proceedings of the ACM Symposium on Applied Computing (SAC'98) . Springer, 27--42. Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., and Ferguson, N. 1998. On the twofish key schedule. In Proceedings of the ACM Symposium on Applied Computing (SAC'98). Springer, 27--42.","key":"e_1_2_2_33_1"},{"doi-asserted-by":"publisher","key":"e_1_2_2_34_1","DOI":"10.1016\/S0167-4048(02)00211-0"},{"doi-asserted-by":"publisher","key":"e_1_2_2_35_1","DOI":"10.1007\/11535706_5"},{"key":"e_1_2_2_36_1","volume-title":"Proceedings of the International Conference on Very Large Databases (VLDB'05)","author":"Sion R.","year":"2005","unstructured":"Sion , R. 2005 . Query execution assurance for outsourced databases . In Proceedings of the International Conference on Very Large Databases (VLDB'05) . VLDB Endowment, 601--612. Sion, R. 2005. Query execution assurance for outsourced databases. In Proceedings of the International Conference on Very Large Databases (VLDB'05). VLDB Endowment, 601--612."},{"key":"e_1_2_2_37_1","volume-title":"Proceedings of the International Conference on Very Large Databases (VLDB'07)","author":"Sion R.","year":"2007","unstructured":"Sion , R. 2007 . Secure data outsourcing . In Proceedings of the International Conference on Very Large Databases (VLDB'07) . VLDB Endowment, 1431--1432. Sion, R. 2007. Secure data outsourcing. In Proceedings of the International Conference on Very Large Databases (VLDB'07). VLDB Endowment, 1431--1432."},{"volume-title":"Proceedings of the International Conference on Very Large Databases (VLDB'07)","author":"Sion R.","unstructured":"Sion , R. and Winslett , M . 2007. Regulatory-Compliant data management . In Proceedings of the International Conference on Very Large Databases (VLDB'07) . VLDB Endowment, 1433--1434. Sion, R. and Winslett, M. 2007. Regulatory-Compliant data management. In Proceedings of the International Conference on Very Large Databases (VLDB'07). VLDB Endowment, 1433--1434.","key":"e_1_2_2_38_1"},{"volume-title":"Proceedings of the International Conference on Very Large Databases (VLDB'06)","author":"Wang H.","unstructured":"Wang , H. and Lakshmanan , L. V. S. 2006. Efficient secure query evaluation over encrypted XML databases . In Proceedings of the International Conference on Very Large Databases (VLDB'06) . VLDB Endowment, 127--138. Wang, H. and Lakshmanan, L. V. S. 2006. Efficient secure query evaluation over encrypted XML databases. In Proceedings of the International Conference on Very Large Databases (VLDB'06). VLDB Endowment, 127--138.","key":"e_1_2_2_39_1"},{"unstructured":"XML Encryption Syntax and Processing W3C Rec. 2002. http:\/\/www.w3.org\/TR\/xmlenc-core\/.  XML Encryption Syntax and Processing W3C Rec. 2002. http:\/\/www.w3.org\/TR\/xmlenc-core\/.","key":"e_1_2_2_40_1"}],"container-title":["ACM Transactions on Database Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1735886.1735891","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1735886.1735891","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:45:33Z","timestamp":1750250733000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1735886.1735891"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,4]]},"references-count":40,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2010,4]]}},"alternative-id":["10.1145\/1735886.1735891"],"URL":"https:\/\/doi.org\/10.1145\/1735886.1735891","relation":{},"ISSN":["0362-5915","1557-4644"],"issn-type":[{"type":"print","value":"0362-5915"},{"type":"electronic","value":"1557-4644"}],"subject":[],"published":{"date-parts":[[2010,4]]},"assertion":[{"value":"2008-11-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2009-11-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2010-05-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}