TY - GEN
T1 - Distributed and secure access control in P2P databases
AU - Bonifati, Angela
AU - Liu, Ruilin
AU - Wang, Hui
PY - 2010
Y1 - 2010
N2 - The intent of peer data management systems (PDMS) is to share as much data as possible. However, in many applications leveraging sensitive data, users demand adequate mechanisms to restrict the access to authorized parties. In this paper, we study a distributed access control model, where data items are stored, queried and authenticated in a totally decentralized fashion. Our contribution focuses on the design of a comprehensive framework for access control enforcement in PDMS sharing secure data, which blends policy rules defined in a declarative language with distributed key management schemes. The data owner peer decides which data to share and whom to share with by means of such policies, with the data encrypted accordingly. To defend against malicious attackers who can compromise the peers, the decryption keys are decomposed into pieces scattered amongst peers. We discuss the details of how to adapt distributed encryption schemes to PDMS to enforce robust and resilient access control, and demonstrate the efficiency and scalability of our approach by means of an extensive experimental study.
AB - The intent of peer data management systems (PDMS) is to share as much data as possible. However, in many applications leveraging sensitive data, users demand adequate mechanisms to restrict the access to authorized parties. In this paper, we study a distributed access control model, where data items are stored, queried and authenticated in a totally decentralized fashion. Our contribution focuses on the design of a comprehensive framework for access control enforcement in PDMS sharing secure data, which blends policy rules defined in a declarative language with distributed key management schemes. The data owner peer decides which data to share and whom to share with by means of such policies, with the data encrypted accordingly. To defend against malicious attackers who can compromise the peers, the decryption keys are decomposed into pieces scattered amongst peers. We discuss the details of how to adapt distributed encryption schemes to PDMS to enforce robust and resilient access control, and demonstrate the efficiency and scalability of our approach by means of an extensive experimental study.
UR - http://www.scopus.com/inward/record.url?scp=77958511050&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77958511050&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-13739-6_8
DO - 10.1007/978-3-642-13739-6_8
M3 - Conference contribution
AN - SCOPUS:77958511050
SN - 3642137385
SN - 9783642137389
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 113
EP - 129
BT - Data and Applications Security and Privacy XXIV - 24th Annual IFIP WG 11.3 Working Conference, Proceedings
T2 - 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy
Y2 - 21 June 2010 through 21 June 2010
ER -