Data outsourcing is emerging today as a successful paradigm
allowing users and organizations to exploit external services
for the distribution of resources. A crucial problem to be
addressed in this context concerns the enforcement of selective
authorization policies and the support of policy updates
in dynamic scenarios.
In this paper, we present a novel solution to the enforcement
of access control and the management of its evolution.
Our proposal is based on the application of selective encryption
as a means to enforce authorizations. Two layers of
encryption are imposed on data: the inner layer is imposed
by the owner for providing initial protection, the outer layer
is imposed by the server to reflect policy modifications. The
combination of the two layers provides an efficient and robust
solution. The paper presents a model, an algorithm for
the management of the two layers, and an analysis to identify
and therefore counteract possible information exposure
risks.