Specification and Deployment of Integrated Security Policies for Outsourced Data

Recent advance in cloud computing has transformed the way information is managed and consumed, since this new paradigm provides cost efficient solutions that allow the transmission, storage, and intensive computing of information. Therefore, Cloud service providers are increasingly required to take responsibility for the storage as well as the efficient and reliable sharing of information, thus carrying out a "data outsourcing" architecture. Despite that outsourcing information on Cloud service providers may cut down data owners’ responsibility of managing data while increasing data availability, data owners hesitate to fully trust Cloud service providers to protect their outsourced data. Recent data breaches on Cloud storage providers have exacerbated these security concerns. In response, security designers defined approaches that provide high level security assurance, such as encrypting data before outsourcing them to Cloud servers. Such traditional approaches bring however the disadvantage of prohibiting useful information release (e.g., efficient querying of outsourced data). This raises then the need to come up with new models and approaches for defining and enforcing security and utility policies on outsourced data. This thesis aims to address this trade-off, while considering two kind of security policies. In the first hand, we focus on confidentiality policies specification and enforcement, which requires enforcing the secrecy of outsourced data stored by an untrusted Cloud service provider, while providing an efficient use (e.g., searching and computing) of the outsourced data by different authorized users. To this end, first, we proposed an approach ensuring the confidentiality of sensitive information in outsourced multirelational databases by combining data fragmentation and encryption techniques. We then defined a secure and effective querying method for data hosted on several service providers. Afterwards, we improved the security of the querying technique we defined in order to protect data confidentiality under a collaborative Cloud storage service providers model. Second, We defined a policy-based configuration framework for sensitive outsourced data allowing the data owner to specify the confidentiality re-