Data outsourcing is today becoming a successful solution
that allows users and organizations to exploit external
servers for the distribution of resources. Some of the most
challenging issues in such a scenario are the enforcement
of authorization policies and the support of policy updates.
Since a common approach to protecting outsourced data
is to encrypt the data itself, a promising way to solve these issues is to combine
access control with cryptography. This idea is not new in itself,
but applying it in an outsourced
architecture introduces several challenges.
In this paper, we first illustrate the basic principles on
which an architecture for combining access control and cryptography can be built. We then illustrate an approach for
enforcing authorization policies and supporting dynamic authorizations, allowing policy changes and data updates at
a limited cost in terms of bandwidth and computational
power.