An Authorization Model for Multi-Provider Queries
نویسندگان
چکیده
We present a novel approach for the specification and enforcement of authorizations that enables controlled data sharing for collaborative queries in the cloud. Data authorities can establish authorizations regulating access to their data distinguishing three visibility levels (no visibility, encrypted visibility, and plaintext visibility). Authorizations are enforced in the query execution by possibly restricting operation assignments to other parties and by adjusting visibility of data on-the-fly. Our approach enables users and data authorities to fully enjoy the benefits and economic savings of the competitive open cloud market, while maintaining control over data. PVLDB Reference Format: Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Giovanni Livraga, Stefano Paraboschi, and Pierangela Samarati. An Authorization Model for Multi-Provider Queries. PVLDB, 11(3): xxxx-yyyy, 2017. DOI: https://doi.org/10.14778/3157794.3157796
منابع مشابه
Authorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
متن کاملXtending R Esource a Ccess in M Ulti - P Rovider N Etworks Using T Rust M Anagement *
Resource access control in a multi-provider scenario requires an authorization mechanism such that users are granted seamless access to resources (connectivity services, application services and contents) in different provider domains. This paper proposes the integration of a Role-based authorization system in a network service provisioning framework, in order to support multi-provider networks...
متن کاملAN INTEGRATED FIS-QFD MODEL FOR EVALUATION OF INTERNET SERVICE PROVIDER
<span style="color: #000000; font-family: Tahoma, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: -webkit-left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; ba...
متن کاملAn Abductive Protocol for Authorization Credential Gathering in Distributed Systems
The problem of authorization in large-scale decentralized systems has been addressed by a number of logic-based policy languages utilizing delegation of authority and distributed security credentials. A central task in this context is that of gathering a set of credentials for a given access request. Previous approaches have focused on methods in which credentials are pulled on-demand from cred...
متن کاملAccess control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- PVLDB
دوره 11 شماره
صفحات -
تاریخ انتشار 2017