DSP RE-Encryption: A Flexible Mechanism for Access Control Enforcement Management in DaaS

With the popular use of service-oriented technologies, database as a service (DaaS) as a new paradigm is becoming a more practical and useful model for those enterprises who can´t afford the expensive DBMS products. However access control management by the database service provider (DSP) in the DaaS context is challenging because the DSP may be untrusted for the delegated data contents. In this paper, we first present an approach to implement the flexible access control enforcement management by applying a DSP re-encryption mechanism. Our approach not only can implement the selective access control of the encrypted data by the DSP, but also can relieve the users from the complex key derivation procedure. The underlying idea of our approach is that the DSP uses different re-encryption keys for users of the system to implement flexible access control enforcement management under the DSP re-encryption mechanism. We demonstrate the usefulness and security property of our flexible access control enforcement management, finally we analyze and resolve the possible attacks and information disclosure.