Privacy-Preserving Similarity Measurement for Access Control Policies

摘要

The emergence of global-scale infrastructures for outsourcing data and content to service providers (e.g., cloud computing) creates unprecedented opportunities for data owners to expand their operations and increase their customer base. On the other hand, each data owner (DO) has a certain set of access control policies, which may be different than those of the service providers (SP). Therefore, to enable effective outsourcing, it is important for the DOs to choose SPs with similar access control policies. Several techniques that measure policy similarity have been proposed in previous work, but they assume that policies are publicly accessible. However, in a global-scale environment without well-established relationships of trust, participants may not be willing to reveal their policies to every other stakeholder. Therefore, the need arises to perform policy similarity in a privacy-preserving manner. Specifically, we propose a technique that allows similarity evaluation of encrypted policies. Our technique relies on an existing encryption method for numerical data called asymmetric scalar product-preserving encryption (ASPE). ASPE allows answering of nearest-neighbor queries without the need to reveal the plaintext contents of either the query or the data. We adapt ASPE to support access control policies, and we present a case study of how private policy similarity evaluation is performed within our proposed framework.