Cloud storage services have recently emerged as a successful
approach for making resources conveniently available to
large communities of users. Several techniques have been
investigated for enabling such services, including encryption
for ensuring data protection, as well as indexing for enabling
efficient query execution on encrypted data. When data are
to be made available selectively, the combined use of the two
techniques must be handled with care, since indexes can put
the confidentiality protection guaranteed by encryption at
risk.
In this paper, we investigate this issue and propose an indexing
technique for supporting efficient access to encrypted
data while preventing possible disclosure of data to users not
authorized to access them. Intuitively, our indexing technique
accounts for authorizations when producing indexes
so to ensure that different occurrences of the same plaintext
value, but accessible by different sets of users, be not
recognizable from their indexes. We show that our solution
exhibits a limited performance overhead in query evaluation,
while preventing leakage of information.