A Privacy Preserving Selective Authorization Enforcement Approach in Daas

Database as a Service (DaaS) is a practical and useful paradigm, in which the Database Service Provider (DSP) hosts the delegated database generated from the Source DB of Data Owner (DO). Due to the untrusted DSP, most of the proposed approaches were concentrated on using encryption to guarantee the privacy of delegated database and using partition based index to speed up the query. However, few papers were proposed to guarantee the privacy of delegated access control policies. Therefore in order to improve the usability of delegated database and guarantee the privacy of delegated access control policies, a critical problem to be addressed in DaaS is to make the DSP enforce the delegated selective authorization policies correctly, but know nothing about the privacy of users or the privacy of delegated authorization policies. In this paper, we present a privacy preserving selective authorization enforcement approach to resolve the critical problem above. By using selective encryption, Pedersen commitment and access control policy polynomial, the privacy of delegated access control policies and the privacy of users can be efficiently guaranteed. Finally we analyze the security properties of our approach from different aspects.