Abstract
With the widespread use of service-oriented technologies, the Database as a Service (DaaS) paradigm is becoming a more practical and useful model for enterprises that cannot afford expensive DBMS products. However, access control management by the database service provider (DSP) in this paradigm is challenging because the DSP may not be trusted with the delegated data contents. It is therefore important to design an access control mechanism that can be coupled with the delegated encrypted database to efficiently improve the usability of the system and help prevent theft of sensitive and critical data. In this paper, we present a novel approach to flexible access control enforcement management based on a DSP re-encryption mechanism. Our approach not only implements selective authorization on the encrypted data, but also relieves client users of the complex key derivation procedure. The underlying idea of our approach is that the DSP uses different re-encryption keys for users of the system to implement flexible access control enforcement management under the DSP re-encryption mechanism. We demonstrate the efficiency and security of our flexible access control enforcement management, and finally we analyze and resolve the possible attacks and information disclosure.
| Original language | English |
|---|---|
| Pages (from-to) | 28-41 |
| Number of pages | 14 |
| Journal | International Journal of Network Security |
| Volume | 15 |
| Issue number | 1 |
| State | Published - Jan 2013 |
Keywords
- Access control enforcement
- DSP re-encryption mechanism
- DaaS
- Selective authorization