TY - GEN
T1 - Privacy-preserving similarity measurement for access control policies
AU - Cho, Eun Ae
AU - Ghinita, Gabriel
AU - Bertino, Elisa
PY - 2010
Y1 - 2010
N2 - The emergence of global-scale infrastructures for outsourcing data and content to service providers (e.g., cloud computing) creates unprecedented opportunities for data owners to expand their operations and increase their customer base. On the other hand, each data owner (DO) has a certain set of access control policies, which may be different than those of the service providers (SP). Therefore, to enable effective outsourcing, it is important for the DOs to choose SPs with similar access control policies. Several techniques that measure policy similarity have been proposed in previous work, but they assume that policies are publicly accessible. However, in a global-scale environment without well-established relationships of trust, participants may not be willing to reveal their policies to every other stakeholder. Therefore, the need arises to perform policy similarity in a privacy-preserving manner. Specifically, we propose a technique that allows similarity evaluation of encrypted policies. Our technique relies on an existing encryption method for numerical data called asymmetric scalar product-preserving encryption (ASPE). ASPE allows answering of nearest-neighbor queries without the need to reveal the plaintext contents of either the query or the data. We adapt ASPE to support access control policies, and we present a case study of how private policy similarity evaluation is performed within our proposed framework.
KW - asymmetric scalar product-preserving encryption (aspe)
KW - policy similarity
UR - http://www.scopus.com/inward/record.url?scp=78650123882&partnerID=8YFLogxK
U2 - 10.1145/1866855.1866859
DO - 10.1145/1866855.1866859
M3 - Conference contribution
AN - SCOPUS:78650123882
SN - 9781450300902
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 3
EP - 11
BT - Proceedings of the 6th ACM Workshop on Digital Identity Management, DIM '10, Co-located with CCS'10
T2 - 6th ACM Workshop on Digital Identity Management, DIM '10, Co-located with CCS'10
Y2 - 4 October 2010 through 8 October 2010
ER -