{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:00:37Z","timestamp":1777806037416,"version":"3.51.4"},"reference-count":38,"publisher":"SAGE Publications","issue":"2","license":[{"start":{"date-parts":[[2017,11,3]],"date-time":"2017-11-03T00:00:00Z","timestamp":1509667200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2018,1,8]]},"abstract":"<jats:p>Cloud computing is the reference paradigm to provide data storage and management in a convenient and scalable manner. However, moving data to the cloud raises several issues, including the confidentiality of data and of accesses that are no more under the direct control of the data owner. The shuffle index has been proposed as a solution for addressing these issues when data are stored at an external third party.<\/jats:p>\n                  <jats:p>In this paper, we extend the shuffle index with support for access control, that is, for enforcing authorizations on data. Our approach is based on the use of selective encryption and on the organization of data and authorizations in two shuffle indexes. Owners regulate access to their data through authorizations that allow different users to access different portions of the data, while, at the same time, the confidentiality of accesses is guaranteed. The proposed approach also supports update operations over the outsourced data collection (i.e., insertion, removal, and update) as well as of the access control policy (i.e., grant and revoke). Also, our approach protects the nature of each access operation, making revoke operations and resource removal operations indistinguishable by the storing server and\/or observing users.<\/jats:p>","DOI":"10.3233\/jcs-171004","type":"journal-article","created":{"date-parts":[[2017,11,5]],"date-time":"2017-11-05T10:55:56Z","timestamp":1509879356000},"page":"143-175","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":5,"title":["Enforcing authorizations while protecting access confidentiality"],"prefix":"10.1177","volume":"26","author":[{"given":"Sabrina","family":"De Capitani di Vimercati","sequence":"first","affiliation":[{"name":"Dipartimento di Informatica, Universit\u00e0 degli Studi di Milano, Italy. E-mails:\u00a0,\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sara","family":"Foresti","sequence":"additional","affiliation":[{"name":"Dipartimento di Informatica, Universit\u00e0 degli Studi di Milano, Italy. E-mails:\u00a0,\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefano","family":"Paraboschi","sequence":"additional","affiliation":[{"name":"Dipartimento di Ingegneria Gestionale, dell\u2019Informazione e della Produzione, Universit\u00e0 degli Studi di Bergamo, Italy. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gerardo","family":"Pelosi","sequence":"additional","affiliation":[{"name":"Dipartimento di Elettronica, Informazione e Bioingegneria, Politecnico di Milano, Italy. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pierangela","family":"Samarati","sequence":"additional","affiliation":[{"name":"Dipartimento di Informatica, Universit\u00e0 degli Studi di Milano, Italy. E-mails:\u00a0,\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2017,11,3]]},"reference":[{"key":"ref001","doi-asserted-by":"publisher","DOI":"10.1145\/1455526.1455531"},{"key":"ref002","unstructured":"E.\u00a0Bacis, S.\u00a0De Capitani di Vimercati, S.\u00a0Foresti, S.\u00a0Paraboschi, M.\u00a0Rosa and P.\u00a0Samarati, Mix&Slice: Efficient access revocation in the cloud, in: Proc. of CCS, Vienna, Austria, 2016."},{"key":"ref003","doi-asserted-by":"crossref","unstructured":"J.\u00a0Bethencourt, A.\u00a0Sahai and B.\u00a0Waters, Ciphertext-policy attribute-based encryption, in: Proc. of IEEE S&P, Oakland, CA, 2007.","DOI":"10.1109\/SP.2007.11"},{"key":"ref004","doi-asserted-by":"crossref","unstructured":"C.\u00a0Cachin, S.\u00a0Micali and M.\u00a0Stadler, Computationally private information retrieval with polylogarithmic communication, in: Proc. of EUROCRYPT, Prague, Czech Republic, 1999.","DOI":"10.1007\/3-540-48910-X_28"},{"key":"ref005","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.01.008"},{"key":"ref006","doi-asserted-by":"crossref","unstructured":"S.\u00a0De Capitani di Vimercati, S.\u00a0Foresti, S.\u00a0Jajodia, S.\u00a0Paraboschi, G.\u00a0Pelosi and P.\u00a0Samarati, Encryption-based policy enforcement for cloud storage, in: Proc. of SPCC, Genova, Italy, 2010.","DOI":"10.1109\/ICDCSW.2010.35"},{"key":"ref007","unstructured":"S.\u00a0De Capitani di Vimercati, S.\u00a0Foresti, S.\u00a0Jajodia, S.\u00a0Paraboschi and P.\u00a0Samarati, Over-encryption: Management of access control evolution on outsourced data, in: Proc. of VLDB, Vienna, Austria, 2007."},{"key":"ref008","doi-asserted-by":"publisher","DOI":"10.1145\/1735886.1735891"},{"key":"ref009","doi-asserted-by":"crossref","unstructured":"S.\u00a0De Capitani di Vimercati, S.\u00a0Foresti, S.\u00a0Paraboschi, G.\u00a0Pelosi and P.\u00a0Samarati, Efficient and private access to outsourced data, in: Proc. of ICDCS, Minneapolis, MN, 2011.","DOI":"10.1109\/ICDCS.2011.37"},{"key":"ref010","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-130468"},{"issue":"4","key":"ref011","first-page":"1","volume":"11","author":"De Capitani di Vimercati S.","year":"2015","journal-title":"ACM TOS"},{"key":"ref012","doi-asserted-by":"crossref","unstructured":"S.\u00a0De Capitani di Vimercati, S.\u00a0Foresti, S.\u00a0Paraboschi, G.\u00a0Pelosi and P.\u00a0Samarati, Access control for the shuffle index, in: Proc. of DBSec, Trento, Italy, 2016.","DOI":"10.1007\/978-3-319-41483-6_10"},{"key":"ref013","unstructured":"S.\u00a0De Capitani di Vimercati, S.\u00a0Foresti, S.\u00a0Paraboschi, G.\u00a0Pelosi and P.\u00a0Samarati, Three-server swapping for access confidentiality,\n                      IEEE TCC\n                      (2016), pre-print."},{"key":"ref014","doi-asserted-by":"crossref","unstructured":"S.\u00a0Devadas, M.\u00a0van Dijk, C.W.\u00a0Fletcher, L.\u00a0Ren, E.\u00a0Shi and D.\u00a0Wichs, Onion ORAM: A constant bandwidth blowup oblivious RAM, in: Proc. of TCC, Tel Aviv, Israel, 2016.","DOI":"10.1007\/978-3-662-49099-0_6"},{"key":"ref015","doi-asserted-by":"crossref","unstructured":"O.\u00a0Goldreich, Towards a theory of software protection and simulation by oblivious RAMs, in: Proc. of STOC, New York, NY, 1987.","DOI":"10.1145\/28395.28416"},{"key":"ref016","unstructured":"V.\u00a0Goyal, A.\u00a0Jain, O.\u00a0Pandey and A.\u00a0Sahai, Bounded ciphertext policy attribute based encryption, in: Proc. of ICALP, Reykjavik, Iceland, 2008."},{"key":"ref017","doi-asserted-by":"crossref","unstructured":"V.\u00a0Goyal, O.\u00a0Pandey, A.\u00a0Sahai and B.\u00a0Waters, Attribute-based encryption for fine-grained access control of encrypted data, in: Proc. of CCS, Alexandria, VA, 2006.","DOI":"10.1145\/1180405.1180418"},{"key":"ref018","unstructured":"M.\u00a0Green, S.\u00a0Hohenberger and B.\u00a0Waters, Outsourcing the decryption of ABE ciphertexts, in: Proc. of USENIX, San Francisco, CA, 2011."},{"key":"ref019","doi-asserted-by":"crossref","unstructured":"H.\u00a0Hacig\u00fcm\u00fcs, B.\u00a0Iyer, S.\u00a0Mehrotra and C.\u00a0Li, Executing SQL over encrypted data in the database-service-provider model, in: Proc. of SIGMOD, Madison, WI, 2002.","DOI":"10.1145\/564691.564717"},{"key":"ref020","doi-asserted-by":"crossref","unstructured":"M.S.\u00a0Islam, M.\u00a0Kuzu and M.\u00a0Kantarcioglu, Inference attack against encrypted range queries on outsourced databases, in: Proc. of CODASPY, San Antonio, TX, USA, 2014.","DOI":"10.1145\/2557547.2557561"},{"key":"ref021","doi-asserted-by":"crossref","unstructured":"R.\u00a0Jhawar and V.\u00a0Piuri, Fault tolerance management in IaaS clouds, in: Proc. of ESTEL, Rome, Italy, 2012.","DOI":"10.1109\/ESTEL.2012.6400113"},{"key":"ref022","doi-asserted-by":"crossref","unstructured":"R.\u00a0Jhawar and V.\u00a0Piuri, Fault tolerance and resilience in cloud computing environments, in: Computer and Information Security Handbook, 2nd edn, J.\u00a0Vacca, ed. Morgan Kaufmann, 2013.","DOI":"10.1016\/B978-0-12-394397-2.00007-6"},{"key":"ref023","doi-asserted-by":"crossref","unstructured":"R.\u00a0Jhawar, V.\u00a0Piuri and P.\u00a0Samarati, Supporting security requirements for resource management in cloud computing, in: Proc. of CSE, Paphos, Cyprus, 2012.","DOI":"10.1109\/ICCSE.2012.32"},{"key":"ref024","doi-asserted-by":"crossref","unstructured":"A.B.\u00a0Lewko, T.\u00a0Okamoto, A.\u00a0Sahai, K.\u00a0Takashima and B.\u00a0Waters, Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption, in: Proc. of EUROCRYPT, French Riviera, France, 2010.","DOI":"10.1007\/978-3-642-13190-5_4"},{"key":"ref025","doi-asserted-by":"crossref","unstructured":"P.\u00a0Lin and K.\u00a0Candan, Hiding traversal of tree structured data from untrusted data stores, in: Proc. of WOSIS, Porto, Portugal, 2004.","DOI":"10.1007\/3-540-44853-5_35"},{"key":"ref026","doi-asserted-by":"crossref","unstructured":"R.\u00a0Ostrovsky, Efficient computation on oblivious RAMs, in: Proc. of STOC, Baltimore, MD, 1990.","DOI":"10.1145\/100216.100289"},{"key":"ref027","doi-asserted-by":"crossref","unstructured":"R.\u00a0Ostrovsky, A.\u00a0Sahai and B.\u00a0Waters, Attribute-based encryption with non-monotonic access structures, in: Proc. of CCS, Alexandria, VA, 2007.","DOI":"10.1145\/1315245.1315270"},{"key":"ref028","doi-asserted-by":"crossref","unstructured":"R.\u00a0Ostrovsky and W.E.\u00a0Skeith, III, A survey of single-database private information retrieval: Techniques and applications, in: Proc. of PKC, Beijing, China, 2007.","DOI":"10.1007\/978-3-540-71677-8_26"},{"key":"ref029","doi-asserted-by":"crossref","unstructured":"M.\u00a0Raykova, H.\u00a0Zhao and S.M.\u00a0Bellovin, Privacy enhanced access control for outsourced data sharing, in: Proc. of FC, Kralendijk, Bonaire, 2012.","DOI":"10.1007\/978-3-642-32946-3_17"},{"key":"ref030","unstructured":"L.\u00a0Ren, C.\u00a0Fletcher, A.\u00a0Kwon, E.\u00a0Stefanov, E.\u00a0Shi, M.\u00a0Van Dijk and S.\u00a0Devadas, Constants count: Practical improvements to oblivious RAM, in: Proc. of USENIX, Washington, DC, 2015."},{"key":"ref031","doi-asserted-by":"crossref","unstructured":"A.\u00a0Sahai and B.\u00a0Waters, Fuzzy identity-based encryption, in: Proc. of EUROCRYPT, Aarhus, Denmark, 2005.","DOI":"10.1007\/11426639_27"},{"key":"ref032","doi-asserted-by":"crossref","unstructured":"P.\u00a0Samarati and S.\u00a0De Capitani di Vimercati, Cloud security: Issues and concerns, in: Encyclopedia on Cloud Computing, S.\u00a0Murugesan and I.\u00a0Bojanova, eds, Wiley, 2016.","DOI":"10.1002\/9781118821930.ch17"},{"key":"ref033","doi-asserted-by":"crossref","unstructured":"E.\u00a0Stefanov and E.\u00a0Shi, ObliviStore: High performance oblivious cloud storage, in: Proc. of IEEE S&P, San Francisco, CA, 2013.","DOI":"10.1109\/SP.2013.25"},{"key":"ref034","doi-asserted-by":"crossref","unstructured":"E.\u00a0Stefanov, M.\u00a0van Dijk, E.\u00a0Shi, C.\u00a0Fletcher, L.\u00a0Ren, X.\u00a0Yu and S.\u00a0Devadas, Path ORAM: An extremely simple oblivious RAM protocol, in: Proc. of CCS, Berlin, Germany, 2013.","DOI":"10.1145\/2508859.2516660"},{"issue":"8","key":"ref035","first-page":"1467","volume":"23","author":"Wang C.","year":"2012","journal-title":"IEEE TPDS"},{"key":"ref036","doi-asserted-by":"crossref","unstructured":"B.\u00a0Waters, Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization, in: Proc. of PKC, Taormina, Italy, 2011.","DOI":"10.1007\/978-3-642-19379-8_4"},{"key":"ref037","doi-asserted-by":"crossref","unstructured":"P.\u00a0Williams, R.\u00a0Sion and B.\u00a0Carbunar, Building castles out of mud: Practical access pattern privacy and correctness on untrusted storage, in: Proc. of CCS, Alexandria, VA, 2008.","DOI":"10.1145\/1455770.1455790"},{"issue":"11","key":"ref038","first-page":"1790","volume":"8","author":"Yang K.","year":"2013","journal-title":"IEEE TIFS"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-171004","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-171004","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-171004","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:06Z","timestamp":1777495506000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-171004"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,11,3]]},"references-count":38,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2018,1,8]]}},"alternative-id":["10.3233\/JCS-171004"],"URL":"https:\/\/doi.org\/10.3233\/jcs-171004","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,11,3]]}}}