An Inference Resistant Indexing Technique to Enforce Access Control in Data Outsourcing


M.Sc. in Information Technology Dept. of Computer Engineering Sharif University of Technology


Although data outsourcing provides many benefits, it suffers from privacy and security concerns such as enforcement of access control policies and confidentiality of stored sensitive data. Current encryption-based security solutions are inflexible in enforcing fine-grained access control policies and it is necessary for data owner to laboriously specify access control permissions per data item. Additionally, the current indexing methods disregard any control on accessing the relevant data and may cause information leakage. This paper proposes a novel indexing technique to enforce access control policies at server side and based on the value of encrypted data. By exploiting this indexing method and selective encryption, we introduce an access control aware indexing technique, which we refer to as Inference Resistant Indexing Technique (IRIT). The proposed technique, not only prevents leakage of information but also overcomes the overheads associated with a separate access control enforcement mechanism. Meanwhile, the overhead associated with updating access control policies is noticeably reduced. The paper provides a simulation of the proposed technique and a comparison with the alternative approaches to assess the performance of the proposed technique.


Volume 3, Issue 2 - Serial Number 2
April 2016
Pages 83-93
  • Receive Date: 22 October 2016
  • Revise Date: 26 May 2018
  • Accept Date: 04 December 2017
  • First Publish Date: 04 December 2017