Access control enforcement on outsourced data ensuring privacy of access control policies

Nowadays, data outsourcing has become a solution for many organizations especially large scale enterprises due to the high costs of in-house management of the rapidly growing data. Among all security requirements in this context, user access control and its following dynamic changes are of interest. In this paper, we propose an efficient and reliable mechanism to solve this problem in owner-write-users-read applications. A novel solution is introduced to enforce access control on outsourced data using the Chinese Remainder Theorem. The solution allows updating policy changes at a limited cost in terms of both computational power and the number of users´ secret keys. Although the server, on which data is stored, is delegated for enforcing access control, access control policies are protected from being revealed to the server or the users. The solution is applicable to data outsourcing scenarios where users are anonymous but the server is still able to enforce the owner access control policies.