<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <title-group>
        <article-title>QFilter: Towards a Fine-Grained Access Control for Aggregation Query Processing over Secret Shared Data</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Meghdad Mirabi</string-name>
          <email>meghdad.mirabi@cs.tu-darmstadt.de</email>
          <xref ref-type="aff" rid="aff0">0</xref>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Carsten Binnig</string-name>
          <email>carsten.binnig@cs.tu-darmstadt.de</email>
          <xref ref-type="aff" rid="aff0">0</xref>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Access Control</institution>
          ,
          <addr-line>Data Outsourcing, Privacy Preserving, Query Processing, Secret Sharing</addr-line>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>Faculty of Computer Science, Technical University of Darmstadt</institution>
          ,
          <addr-line>Darmstadt</addr-line>
          ,
          <country country="DE">Germany</country>
        </aff>
      </contrib-group>
      <abstract>
        <p>This paper presents QFilter, a privacy-preserving and communication eficient solution that integrates an Attribute-Based Access Control (ABAC) model into query processing. QFilter enables the specification and enforcement of fine-grained access control policies tailored to secret-shared data. It can process aggregation SQL queries, including ”count”, ”sum”, and ”avg” functions, with both conjunctive (using ”AND”) and disjunctive (using ”OR”) equality query conditions, without the need for inter-server communication. QFilter is secure against honest-but-curious adversaries, and the preliminary experiments illustrate its applicability for preserving privacy in query processing over secret-shared data, especially at the tuple level access control with the lowest overhead.</p>
      </abstract>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>
        Cloud computing ofers numerous benefits to
organizations and individuals looking to store and process
data in a public environment. These advantages include
high availability, scalability, and eficiency, while also
reducing infrastructure provisioning and maintenance
nificant obstacles to data outsourcing in the cloud. There
is apprehension about potential breaches of data privacy
and leakage of data processing results to other cloud
tenants or the service provider, as data owners lack direct
control over their data and computations [
        <xref ref-type="bibr" rid="ref16 ref17 ref18 ref2 ref3">4, 5, 6</xref>
        ].
      </p>
      <p>
        To enhance the security of outsourced data, it is
esing and enforcing access control policies tailored to this
context [
        <xref ref-type="bibr" rid="ref19 ref20">7, 8</xref>
        ]. These models should consider varying
levels of data sensitivity. Fine-grained access control
policies ofer enhanced control, allowing organizations
to define restrictions at the level of individual tuples,
attributes, or cells within a relation [9, 10, 11]. Such
granular control ensures the protection of sensitive data by
permitting access only to authorized users. In addition
nEvelop-O
LGOBE
over outsourced data.
      </p>
      <sec id="sec-1-1">
        <title>The conventional approach to protect sensitive data</title>
        <p>
          fore outsourcing it [
          <xref ref-type="bibr" rid="ref10 ref11 ref17 ref3 ref8 ref9">5, 16, 17, 11, 18, 19</xref>
          ]. This approach
involves transferring access to the outsourced data into
access to secret keys used for encryption prior to
uploading it to the cloud. However, existing techniques such as
        </p>
      </sec>
      <sec id="sec-1-2">
        <title>Homomorphic Encryption [20, 21, 22, 23, 24], Searchable</title>
      </sec>
      <sec id="sec-1-3">
        <title>Encryption [25, 26, 27, 28], and Bucketization [29] are</title>
        <p>either extremely complex or cannot practically support
various types of queries.</p>
        <p>Attribute-Based Encryption (ABE) is an efective
technique in cloud computing for ensuring data
confidentiality, data privacy, and fine-grained access control [ 30, 31,
32, 33, 34, 35, 36, 37]. ABE allows decryption of ciphertext
only if the user’s attribute set meets the specified access
control policies. However, conventional ABE approaches
access policies to the public, making them susceptible to
inference attacks [38, 39].</p>
        <p>Recently, several research works have explored secret
sharing schemes for eficient processing of aggregation
privacy of the data, user queries, and query results. How- tors for QFilter to obliviously process aggregation
ever, the existing proposals [40, 41, 42, 43] assume that SQL queries, including ”count”, ”sum”, and ”avg”
data users are fully trusted and can access outsourced functions, with both conjunctive (using ”AND”)
data without any limitations. In practice, data users have and disjunctive (using ”OR”) equality query
condiferent access privileges, and requests to access unau- ditions over secret-shared data. These operators
thorized parts of outsourced data must be filtered. utilize bit-wise multiplication and addition on</p>
        <p>Existing research on data outsourcing lacks a practi- secret-shared data, enabling fast computation of
cal solution for specifying fine-grained access control aggregation results. Moreover, the use of these
policies and enforcing them during the processing of operators in QFilter eliminates the need for
interaggregation SQL queries over secret-shared data while server communication during query processing.
simultaneously preserving the privacy of outsourced • We analyze QFilter in terms of the number of
data, associated access control policies, user queries, and computation and communication rounds at both
query results. To address these challenges, this paper server and data user sides. Additionally, we
conintroduces QFilter, which integrates an Attribute-Based duct preliminary experiments to demonstrate the
Access Control (ABAC) model with aggregation query performance overhead of QFilter for data
outprocessing. QFilter enables the specification and enforce- sourcing and privacy-preserving query
processment of fine-grained access control policies tailored to ing.
secret-shared relations. The proposed ABAC model
supports flexible access control policy specification at the The rest of paper is organized as follows: Section 2
tuple, attribute, or cell level, accommodating complex describes the preliminary concepts. Section 3 provides
access conditions. To enforce access authorizations, QFil- an overview of the system architecture, adversary model,
ter employs an oblivious query rewriting and process- and security requirements in QFilter. Section 4 presents
ing technique, incorporating query conditions into the our proposed ABAC model. Section 5 explains our
proWHERE clause of the submitted SQL query to check ac- posed solution for data outsourcing and oblivious query
cess authorizations and filter unauthorized data during rewriting and processing. Section 6 evaluates the
overquery execution. For eficient and privacy-preserving head of QFilter for data outsourcing and privacy
preservquery processing, QFilter utilizes string matching-based ing query processing. Section 7 reviews and compares
operators to process aggregation SQL queries, including existing research works with QFilter. Finally, Section 8
”count”, ”sum”, and ”avg” functions, with both conjunc- concludes the paper and discusses future works.
tive (using ”AND”) and disjunctive (using ”OR”) equality
query conditions over secret-shared data. The
contributions of this paper can be summarized as follows: 2. Background
• We propose an ABAC model for QFilter that
introduces new attributes to the relation, representing
specific access control policies. These attributes
allow us to specify a set of fine-grained access
control policies. To support complex access
conditions and reduce the number of ABAC
policies, our proposed ABAC model combines user
attribute conditions using boolean operators,
resulting in a single condition set. This set is then
automatically mapped to a unique user group in
QFilter, which facilitates the specification of
access control policies for diferent data items (i.e.,
tuples, attributes, or cells) in the outsourced
relation.
• We obliviously rewrite the submitted aggregation</p>
        <p>SQL query in QFilter by adding new query
conditions to the WHERE clause, ensuring access
authorizations are checked and unauthorized data
items are filtered out during query processing.</p>
        <p>Importantly, QFilter eliminates the need for
interserver communication during query rewriting.
• We design eficient string matching-based
opera</p>
      </sec>
      <sec id="sec-1-4">
        <title>In this section, we briefly review the basic concepts used in QFilter.</title>
        <sec id="sec-1-4-1">
          <title>2.1. Shamir’s Secret Sharing Scheme</title>
        </sec>
      </sec>
      <sec id="sec-1-5">
        <title>Shamir’s secret sharing scheme [44] is a threshold se</title>
        <p>cret sharing scheme that provides security against
adversaries with unlimited computing resources. The
basic idea behind Shamir’s secret sharing scheme is that
k points are enough to define a k-1 degree polynomial.</p>
        <p>To share a secret value S among c non-communicating
participants/servers, the data owner chooses k-1
random coeficients  1,  2, ...,  −1 to build a polynomial
 () =  0 +  1 1 +  2 2 + ... +  −1  −1 , where ( ≤  ),
 () ∈  ℙ[] , ℙ is a prime number,  ℙ is a finite field
of order ℙ,  0 =  , and   ∈ ℕ (∀1 ≤  ≤  − 1 ). Then,
each participant/server i (∀1 ≤  ≤  ) is given a point
(  ,  (  )) on the polynomial. The secret value  can be
reconstructed by performing the Lagrange interpolation
operation using any subset of k secret shares [45, 46, 47].
2.2. String Matching on Secret Shares that the data user does not need to ask from the data owner
Recently, a new string matching method called Accumu- about any polynomial to build the secret-shares of value
lating Automata (AA) is proposed by [48], which elim- ”checking”.
inates the requirement for cooperation between
participants/servers during string matching. This technique Table 3
can be efectively utilized in QFilter to determine the Secret-Shares of Value ”checking” Created by the Data User
satisfaction of query conditions in the WHERE clause of Value Polynomial S1 (x=1) S2 (x=2) S3 (x=3) S4 (x=4) S5 (x=5)
submitted SQL queries. 0 0+3x 3 6 9 12 15</p>
        <p>Assuming that S is the secret value and   (∀1 ≤  ≤  ) 1 1+4x 5 9 13 17 21
represents the ith secret-share of S stored at the
corresponding server, the AA method enables a data user to At the server side, every individual server performs a
search a string pattern p. By generating c secret-shares position-wise multiplication of the bits they possess, adds
of p (  , ∀1 ≤  ≤  ), each server can independently search up all the multiplication results, and sends them to the data
for the secret-share pattern   within the secret-share   . owner. This process is illustrated in Table 4.
The result is a secret-share of either 1 or 0, indicating a
match or mismatch between the respective secret-shares. Table 4
The AA method combines the secret-shares through mul- Operations Performed by Non-Communicating Servers
tiplication and addition, allowing the data user to recon- Server 1 Server 2 Server 3 Server 4 Server 5
struct the secret value using the Lagrange interpolation 1 × 3 = 3 2 × 6 = 12 3 × 9 = 27 4 × 12 = 48 5 × 15 = 75
operation after collecting outputs from k servers, where 33+×155==1158 125 +× 945==4557 277 +× 1931 == 91118 489 +× 11753==152301 7151+×22311==233016
 ≤  . The process of string matching using this method
in shown in Example 1.</p>
        <p>After receiving the outputs from the set of 5
nonExample 1. Consider the values of the Account Type at- c=o1m1m8, un4ic=a2ti0n1g, asnerdver5s=, w30h6i,c hthaerdeata1 u=se1r8,per2fo=rm57s,th3e
tribute in the Account relation shown in Table 1, which are Lagrange interpolation operation to reconstruct the secret
”checking” and ”saving”. These two values can be mapped answer, which is 1 (i.e.,  0 = 1), confirming that the string
to ”01” and ”10” in the unary representation form, respec- pattern has been found. The process is as follows:
Ttiyvpeelya,tatrsibwueteo.nly have these two values for the Account ( (1−−  22))(( 1−−  33))(( −1 −  44))((−1 − 5)5) ×  1 + ( (2−−  11))(( 2−−  33))(( −2 −  44))((−2 − 5)5) ×  2+</p>
        <p>Now, let’s assume that the unary representation ”01” of
the value ”checking” is outsourced by the data owner. This
means that the value ”checking” will be revealed to the
adversary. To prevent data disclosure, the data owner can use
two polynomials with an identical degree to outsource the
value ”checking” to a set of 5 non-communicating servers,
as shown in Table 2.</p>
      </sec>
    </sec>
    <sec id="sec-2">
      <title>3. Overview</title>
      <sec id="sec-2-1">
        <title>In this section, we provide an overview of the system architecture of QFilter, the adversarial model, and the security requirements in QFilter.</title>
        <sec id="sec-2-1-1">
          <title>3.1. System Architecture</title>
          <p>Value Polynomial S1 (x=1) S2 (x=2) S3 (x=3) S4 (x=4) S5 (x=5) We assume three entities in QFilter’s system
architec0 0+x 1 2 3 4 5 ture: Data Owner, Data User, and Non-Communicating
1 1+2x 3 5 7 9 11 Servers. The interaction between these entities are shown
in Figure 1.</p>
          <p>Now, assume that the data user wants to search for In Step 1, the data user registers his identity attributes
the value ”checking”. The data user knows that the value with the data owner. In Step 2, the data owner creates
”checking” is represented as ”01”. Then, he/she creates secret- and sends a credential to the data user based on his
idenshares for that as shown in Table 3. It should be noted here tity attributes. User credentials are stored in the userInfo</p>
        </sec>
      </sec>
      <sec id="sec-2-2">
        <title>3, the data owner splits relation R (i.e., including data</title>
        <p>and associated access control policies) into c relations
 1,  2, ..., and   using Shamir’s secret sharing scheme,
and sends each relation to the corresponding server.
Simalso lacks access to the secret-sharing algorithm and its
related information employed by the data owner.</p>
        <p>In this model, only authenticated users are allowed
to request aggregation SQL queries on the outsourced
data. They seek to uncover unauthorized portions of the
data and confidential access control policies.
Additionally, they aim to extract information about filtered parts
of their query results. Authenticated users establish
secure and trusted communication channels with the data
owner and non-communicating servers, employing their
credentials for authentication at the server side.</p>
        <p>It is important to note that QFilter adheres to the
limitations imposed by secret sharing schemes, where the
adversary is unable to collude with the majority of servers
or access the communication channel between the data
owner/data user and individual servers. It is assumed
that the servers are hosted across diverse cloud
infrastructures, each managed by a distinct cloud service provider.
Additionally, it is assumed that the majority of these
providers refrain from colluding with one another due
to their conflicting interests.
3.3. Security Requirements
tion stored in its corresponding    
query rewriting process. In Step 4, the data user
creates c queries  1,  2, ..., and   based on the query Q
by converting each value of query condition into sets
of secret-shared values. Each query is sent to the
corresponding server along with the set of secret-shared
values. In Step 5, every individual server rewrites its
assigned query by adding new query conditions to the
WHERE clause for access authorization checks and
executes it to produce the partial output for that. The partial
outputs from the execution of queries  1,  2, ..., and  
(where  &lt;  ) are then sent to the data user. The data
user then performs the Lagrange interpolation operation
 relation for the
to obtain the final query result.
3.2. Adversary Model
and query results. This prevention is essential to avoid
potential attacks, including:
• Frequent Count Attack: Observing
cryptographically secure data and associated access control
policies to infer the frequency of each value.
• Access Pattern Attack: Deducting which tuples
satisfy or are filtered out from a submitted query.
• Query Pattern Attack: Analyzing the pattern of
queries issued by data users to infer sensitive
information or unauthorized access patterns.
• Output Size Attack: Counting the number of
tuples satisfying or being filtered out from a query
condition during both query processing and
access authorization checking.</p>
      </sec>
      <sec id="sec-2-3">
        <title>The privacy of secret values (i.e., outsourced data itself,</title>
        <p>ilarly, c relations    
servers. Every individual server   requires the informa- data itself, associated access control policies, user queries,
In this paper, we consider the honest-but-curious ad- associated access control policies, and query results) in
versary model. Under this model, non-communicating
servers faithfully perform their assigned tasks (i.e., query
rewriting and query processing) without attempting to
modify sensitive data. However, every individual server</p>
      </sec>
      <sec id="sec-2-4">
        <title>QFilter relies on two factors: (1) ensuring that only the</title>
        <p>data owner or authorized users can reconstruct the secret
value, and (2) providing unique representations for each
occurrence of a value at each individual server to prevent
may utilize side information, such as background knowl- frequency analysis.
edge, query execution, and output size, to gather useful</p>
      </sec>
      <sec id="sec-2-5">
        <title>To ensure the privacy of user queries in QFilter, two</title>
        <p>information about outsourced data, access control poli- conditions must be met: (1) the actual values of query
cies, user query, and query results.</p>
        <p>We assume that the data owner is fully trusted and
immune to any attacks from the adversary. The adversary
conditions are concealed from adversaries, and (2) queries
of the same type cannot be distinguished based on their
query results. Queries are considered to be of the same
type if they produce identical output sizes, such as aggre- boolean, etc.) to ensure consistency and avoid any
pogation SQL queries containing the ”count” function. tential ambiguity or type mismatching in access control</p>
        <p>QFilter must ensure that every individual server be- policies.
haves identically when processing a given aggregation
SQL query submitted by the data user. Furthermore, Example 2. Three user attributes (Role, String), (Age,
the servers must always provide the same answer to the Integer), (Sex, Boolean) can be defined in QFilter based on
query. To demonstrate this, it is needed to compare the Definition 1.
actual execution of the algorithms used in QFilter for
query processing on the servers with the ideal execution
of these algorithms at a trusted party that has the same
data, access control policies, and query conditions. An
algorithm in QFilter preserves data privacy from every
individual server if the real and ideal executions of such
an algorithm return the same answer to the data user.</p>
        <p>Definition 2 (User Attribute Condition). A user attribute
condition is defined in the form of  :     
    , where  is a unique condition name,    
is the name of an identity attribute of users,  is a
comparison operator such as ”=”, ”&gt;=”, ”&lt;=”, ”&gt;”, ”&lt;”, and
”!=”, and     is a value from the set of values in the
predefined datatype    that can be used by the identity
attribute.</p>
      </sec>
    </sec>
    <sec id="sec-3">
      <title>4. Access Control Specification</title>
      <sec id="sec-3-1">
        <title>In this section, we provide a detailed description of our proposed access control model.</title>
        <p>Example 3. Three user attribute conditions C1, C2, and
C3 can be defined in QFilter based on Definition 2 as follows:
C1: Role = ”Banker”, C2: Age &gt; 18, and C3: Sex = 0.</p>
      </sec>
      <sec id="sec-3-2">
        <title>Definition 3 (User Attribute Condition Set). A user at</title>
        <p>4.1. Access Control Moded in QFilter tribute condition set is defined in the form of  : 
| (   ) | (   ) | (
In Attribute Based Access Control (ABAC) model, request   ), where  is a unique name for the
of a subject to perform an action on an object is granted condition set,  is a unique condition name,  is
or denied based on a set of the assigned attributes of a boolean operator which can be ”∧” or ”∨”, and ”|” is a
subjects and objects [49, 50, 51, 52]. Based on the general discriminator.
basis in this model, our proposed ABAC model includes
the following elements:
Example 4. User attribute condition set CS1: (C1 ∧ (C2
∨ C3)) can be defined in QFilter based on Definition 3.
• Users (U ). It consists of the data users who submit
aggregation SQL queries over the outsourced data
in QFilter.
• Data Items (DI ). It represents the protected data
items in QFilter, such as tuples, attributes, or cells
in a relation.
• Actions (A). It encompasses the available
aggregation functions in QFilter, namely ”count”,
”sum”, and ”avg”.
• Policies (P ). It includes all the access control
policies associated with the data items in QFilter.</p>
      </sec>
      <sec id="sec-3-3">
        <title>Based on Definition 3, our proposed ABAC model al</title>
        <p>lows user attribute conditions specified by the data owner
to be combined as a set of conditions, enabling the
speciifcation of complex conditions. This feature supports the
modeling of complex real-world situations.</p>
        <p>Definition 4 (User Group). A user group is defined as a
set of data users whose identity attributes satisfy the user
attribute condition set in an ABAC policy.</p>
      </sec>
      <sec id="sec-3-4">
        <title>In our proposed ABAC model, each unique user at</title>
        <p>tribute condition set is mapped to a unique user group</p>
        <p>In this model, users possess identity attributes (e.g., (according to Definition 5).
name, afiliation, ofice number, job title, role, trust level),
and ABAC policies are linked to data items to define ac- Definition 5 (Mapping of a User Attribute Condition Set
cess conditions based on users’ identity attributes. A user to a User Group). Given a set of user attribute condition
whose attributes satisfy the ABAC policy associated with set UACS = { 1,  2, ...,   }, a unique user
a data item is granted permission to perform a specific group   can be automatically created by QFilter for a user
action (i.e., an aggregation function) on that data item. attribute condition set   , where ∀1 ≤  ≤  .</p>
      </sec>
      <sec id="sec-3-5">
        <title>Definition 1 (User Attribute (UA)). A user attribute is</title>
        <p>defined as a pair of (   ,    ) such that ∀ ∈   ∶
 = ( ,   ) , where   is a unique attribute
name and    is a predefined data type in QFilter.</p>
        <p>Definition 6 (ABAC Policy). An ABAC policy is defined</p>
        <p>In accordance with Definition 1, user attributes re- as a triple (userGroup, dataItem, aggrFunc), where
userquire predefined data types (e.g., integer, floating point, Group is a user group, each member of which has a set of
Example 5. User group  1 can be automatically mapped
to the user attribute condition set CS1 in Example 4 based
on Definition 5.
identity attributes which satisfy a specific user attribute Definition 7 (Min User Group). The user group  0 is
condition set, dataItem is a data item in relation R, and defined as the       if it is not mapped to any
aggrFunc is an aggregation function supported by QFilter. of the existing user attribute condition sets in QFilter.
Example 6. An ABAC policy can be defined as follows:
( 1, Balance, sum) in which a user who is a member of user
group  1 can perform the aggregation function sum on the
data item Balance in the relation Account (Table 1).</p>
      </sec>
      <sec id="sec-3-6">
        <title>Based on Definition 7, if there is no ABAC policy for</title>
        <p>a data item in relation R (i.e., access denied for all data
users), the value of the new attribute for this data item
in relation R is set to  0.</p>
        <p>Based on Definition 6, our ABAC model only supports Example 7. Tables 5 and 6 illustrate the policy
attachpositive access authorizations, implying that access to a ment process for relation Account (Table 1), with tuple and
specific data item is denied by default. attribute/cell access control granularity levels, respectively.
As shown in Table 5, users in user group  1 have access to
4.2. Policy Attachment in QFilter the first tuple of relation R for performing the aggregation
functions ”count” and ”sum”. However, none of the users
To attach ABAC policies to the outsourced relation R, in  1 can access the second and third tuples to preform an
new attributes representing these policies are added to aggregation function, as the attributes Count and Sum are
the relation. For tuple-level access control, two additional set to  0 and  2 for them, respectively. In Table 6, users
attributes are introduced, one for the ”count” aggregation in user group  1 can access the first and third tuples of
function and another for the ”sum” aggregation function. relation R for performing the aggregation functions ”count”
For attribute/cell-level access control, two attributes are and ”sum” on the Balance data item, as the attribute values
introduced for each attribute in relation R, one for the Balance-Count and Balance-Sum are set to  1. As shown
”count” aggregation function and another for the ”sum” in Table 6, the attributes Account No.-Sum and Account
aggregation function. Each value of the new attribute Type-Sum in all tuples of relation Account are set to  0,
corresponds to a labeled ABAC policy, associated with a as the ”sum” aggregation function is not defined for the
unique user group according to Definition 5. attributes Account No. and Account Type.</p>
        <p>It is important to note that our proposed ABAC model
excludes access control policies for the aggregation func- Table 5
tion ”avg”. This decision is based on the observation Tuple Level Policy Attachment
that the result of aggregation function ”avg” can be
derived from the results of aggregation functions ”sum” Account No. Account Type Balance (×1000$) Count Sum
and ”count”. By relying on the ABAC policies for the ag- 1 checking 2  1  1
gregation functions ”sum” and ”count”, QFilter prevents 23 chsaevcikningg 13  02  02
potential conflicts between diferent access control
policies for the aggregation function ”avg”. Therefore, when
a data user requests an aggregation SQL query including
”avg” function, the corresponding ABAC policies for the 5. Data Outsourcing and Privacy
aggregation functions ”sum” and ”count” are checked Preserving Query Processing
instead of explicitly checking access control policies for
the aggression function ”avg”. Additionally, QFilter does In this section, we provide a detailed description of
not allow the setting of access control policies for specific our proposed solution for data outsourcing and
privacydata items (i.e., tuples, attributes, or cells) with diferent preserving query processing in QFilter. It utilizes an
user groups for the aggregation functions ”count” and oblivious query rewriting and processing technique to
”sum” in order to avoid conflicts among access control tightly integrate the access control enforcement
mechapolicies for the aggregation function ”avg”. However, it nism into the query processing workflow. The solution
is permissible to set access control policies with difer- involves the following steps: 1) Creation and distribution
ent user groups for the aggregation function ”sum” (or of secret shares by the data owner, 2) Query submission
”count”) when access to preform the aggregation function and distribution by the data user, 3) Query rewriting and
”count” (or ”sum”) for such data items are denied, as the processing by non-communicating servers, and 4) Query
aggregation function ”avg” is not allowed in such cases. result collection by the data user. We also consider the</p>
        <p>To support the case that no ABAC policy is specified complexity of our proposed solution in terms of
numfor a specific data item in relation R, QFilter uses a user ber of communication and computation rounds at both
group called Min User Group, which does not map to any server and data user sides.
user attribute condition set in the system.
to represent the values of attributes Account-No., Balance,
Count, and Sum in the unary representation form since
each of them has only three diferent values. Moreover, we
only need to use 2 bits to represent the values of attribute
Account Type in the unary representation form since it has
two diferent values.</p>
      </sec>
      <sec id="sec-3-7">
        <title>To create a set of secret-shares for relation R (i.e., includ</title>
        <p>ing data and associated access control policies), we need
to represent each value of relation R in a unary form
as explained in Section 2.2. Example 8 shows how to
represent diferent numerical values in a unary form.
Example 8. Assume that a relation contains only
numerical values. Generally, a numerical value can be represented
by a unary array with 10 bits since we have only 10
numbers from ’0’ to ’9’ in decimal form. Hence, the number
’1’ can be represented as (11, 02, 03, ..., 010), where the
subscript indicates the position of the numerical value; since
’1’ is the first number, the first bit in the unary array is one
and others are zero. Similarly, ’2’ is (01, 12, 03, ..., 010), ...,
’9’ is (01, 02, ..., 08, 19, 010), and ’0’ is (01, 02, ..., 09, 110).</p>
      </sec>
      <sec id="sec-3-8">
        <title>By outsourcing the unary representation form of rela</title>
        <p>tion values, the data owner risks exposing the underlying
data. To mitigate this, the data owner employs b
polyno</p>
        <p>This process can be followed in a similar way to repre- mials of the same degree, where b represents the number
sent other symbols. Example 9 shows how to represent of bits in the unary representation of a value. These
diferent letters in the English alphabet in a unary form. polynomials generate b secret-shares for each specific
value, which are then distributed to a designated server.</p>
        <p>Example 9. The English alphabet contains 26 letters. Each Rather than transmitting the actual unary representation,
letter can be represented by a unary array with 26 bits. the secret-shares are sent. Example 1 in Section 2.2
proHence, ’A’ can be represented as (11, 02, ..., 026) since ’A’ vides a demonstration of this process for the value of
is the first letter and therefore, the first bit in the unary ”checking” in the attribute Account Type of the relation
array is one and others are zero. ’B’ can be represented as Account.
(01, 12, ..., 026) since ’B’ is the second letter and therefore, Assume that R with n tuples and m attributes denoted
the second bit in the unary array is one and others are zero, by  1,  2, ..., and   is a relation which should be
outand so on. sourced. In the case of tuple level policy attachment, two</p>
        <p>In the AA method, a data user can search for a b-bit new attributes Count and Sum are added to relation R
string pattern without the need for inter-server commu- whose values specify the ABAC policy attached to each
nication. Both the data owner and data user employ tuple of relation R. Therefore, relation   ( stands for
a polynomial of degree one, resulting in a final poly- tuple level policy attachment) with n tuples and m+2
atnomial degree of 2b due to secret-share multiplication tributes denoted by  1,  2, ...,   , , and  should
during string matching. Solving this polynomial requires be outsourced to a set of non-communicating servers. In
2b+1 secret-shares from diferent servers. However, in the case of attribute/cell level policy attachment, two new
some cases it is possible that values in relation R can be attributes are added for each attribute in relation R whose
mapped to a unary representation with fewer bits, ofer- values specify the ABAC policies associated with each
ing greater eficiency and reducing the required secret- attribute in relation R. Therefore, relation   ( stands
shares from non-communicating servers. Such mapping for attribute level policy attachment) with n tuples and (3
requires prior agreement between the data owner and × m) attributes denoted by  1,  1 ,  1 ,  2,  2 ,
data users, akin to marshaling in distributed systems. Ex-  2 , ...,   ,   , and   should be outsourced to a
ample 10 illustrates this process for the Account relation. set of non-communicating servers. Now, assume that  
is the value of the ith tuple and jth attribute in relations
Example 10. Table 7 shows the output of unary represen-   and   , and c is the number of non-communicating
tation of values in the relation Account including the tuple servers. Therefore, the data owner creates c secret-shares
level policy attachment (Table 5). We only need to use 3 bits for the value   (i.e., (  )). The result of this step is 
1,  2, ..., and   in the case
secret-shared relations (i.e., 
of tuple level policy attachment and  1,  2, ..., and  
in the case of attribute/cell policy attachment). Then,
the pth secret-shared relation (i.e.,   in the tuple level
policy attachment and   in the attribute/cell level policy
attachment) is outsourced to the pth server.</p>
      </sec>
      <sec id="sec-3-9">
        <title>To rewrite the aggregation SQL query submitted by</title>
        <p>the data user u at the server side, all servers need the list
of user groups of which the data user u is a member of
to add new query conditions as access conditions in the</p>
      </sec>
      <sec id="sec-3-10">
        <title>WHERE clause of the submitted query. To provide this</title>
        <p>information, the data owner creates relation userInfo =
(Credential, User Group) to store the values of credentials
and user groups for each registered data user in QFilter.
The values of attributes Credential and User Group are
inserted into relation userInfo during the user
registration process when a specific credential is created for the
data user u and all the ABAC policies specified by the
data owner are considered to find the list of user groups
of which the data user u with a set of identity attributes
is member of. However, outsourcing the values of
attribute User Group in relation userInfo may infer some
information about associated access control policies by
revealing relationships between diferent user groups
in the system. It is noted that servers need the exact
values of attribute Credential in the process of user’s
authentication. To prevent the leakage of access control
policies, the data owner creates c secret-shares for each
value of attribute User Group and then creates c relations
   
By outsourcing relation R as secret shares, the actual
values of relation R and associated access control policies
remain unknown to adversaries. Also, outsourcing the
secret shared values of the attribute User Group in the
userInfo relation does not reveal any information about
the user groups to adversaries. It relies on the
adversary’s inability to collude with the majority of servers
or access the communication channel between the data
owner and individual servers during data outsourcing
(as assumed in Section 3.2). Our solution employs
different polynomials to generate secret shares for each
occurrence of a specific value, ensuring that multiple
occurrences of a value have distinct secret shares.
Consequently, observing the secret-shared values does not
reveal any information about relation R or the attribute</p>
      </sec>
      <sec id="sec-3-11">
        <title>User Group in relation userInfo. This mitigates the risk of</title>
        <p>frequency analysis and protects against Frequent Count
Attacks. To conceal the actual number of user groups in
relation userInfo, the data owner can introduce unused
user groups and randomly assign registered data users
to them. For instance, Table 8 (b) may include fake user
groups to safeguard against the inference of user groups
and access policies. It is important to note that the actual
value of the attribute Credential cannot infer any
information about the access control policies associated with
the data items in relation R, as Credential is solely used
to authenticate the data users at the server side.</p>
        <sec id="sec-3-11-1">
          <title>5.2. Query Submission and Distribution</title>
        </sec>
      </sec>
      <sec id="sec-3-12">
        <title>Our proposed solution supports both the simple and multi</title>
        <p>dimensional aggregation SQL queries as shown in Table 9.</p>
      </sec>
      <sec id="sec-3-13">
        <title>In the following, we explain how a data user can submit and distribute an aggregation SQL query to the set of non-communicating servers.</title>
      </sec>
      <sec id="sec-3-14">
        <title>1. Simple aggregation SQL queries: Assume that</title>
        <p>the data user u wishes to submit the aggregation
SQL query  1 in the form of ”select  (
R” to the servers. This query will be distributed
to every individual server without any changes.
 ) from
2. Multi-dimensional aggregation SQL queries: In
the case that the data user u wishes to submit the
aggregation SQL query  2 in the form of ”select
and   ) should be represented in the unary form.</p>
      </sec>
      <sec id="sec-3-15">
        <title>Then, a set of  secret-shares should be created</title>
        <p>for each bit of them by the data user u, where  is
the number of non-communicating servers. Such
a process is explained in Example 1 in Section 2.2.</p>
      </sec>
      <sec id="sec-3-16">
        <title>Assume that the pth set of secret-shares for all</title>
        <p>bits of the values of   and   is denoted as (  )
and (  ) , respectively. Then, these secret-shares
Types of Supported Aggregation Queries in Our Proposed Approach
Aggregation SQL Query Type
Simple Aggregation SQL Queries
Multi-Dimensional Aggregation SQL Queries
Note:  can be ”count”, ”sum”, or ”avg” and  can be ”∧” or ”∨” operator.</p>
        <p>Query Format
select (
select (
 ) from R
 ) from R where (  =  ) 
... 
(  =  )
of ”select  (
5.2.1. Discussion about Information Leakage</p>
      </sec>
      <sec id="sec-3-17">
        <title>By employing diferent polynomials to create a set of</title>
        <p>secret shares for each value in each query condition, our
proposed solution hides the query pattern of the
submitted aggregation SQL query from adversaries. This
applies specifically to multi-dimensional aggregation SQL
queries, where the query pattern remains undisclosed.
Conversely, in the case of simple aggregation SQL queries
without any query conditions, there is no need to worry
about query patterns being obvious. However, it is worth
mentioning that adversaries can acquire information
about the submitted query, such as the type of query
(i.e., simple or multi-dimensional), the specific type of
aggregation function used (i.e., ”count,” ”sum,” or ”avg”),
the attribute to which the aggregation function is
applied, and the total number of conjunctive or disjunctive
equality query conditions. Nevertheless, this
information alone does not enable adversaries to ascertain the
exact values of outsourced data, associated access control
policies, query conditions, or query results, as they are
all represented in the form of secret shares.</p>
        <sec id="sec-3-17-1">
          <title>5.3. Query Rewriting and Processing</title>
        </sec>
      </sec>
      <sec id="sec-3-18">
        <title>In our proposed solution, every individual server performs the tasks of query rewriting and query processing without the need for communicating with other entities.</title>
        <p>5.3.1. Query Rewriting</p>
      </sec>
      <sec id="sec-3-19">
        <title>When an aggregation SQL query is submitted by the data</title>
        <p>user u on relation R, it is necessary for QFilter to check
the set of ABAC policies attached to relation R to restrict
the query result to the only data items which the data
user u has access to. In the following, we explain in
detail how QFilter obliviously rewrites an aggregation
SQL query at the server side.</p>
        <p>1. Simple aggregation SQL queries: Assume that the
aggregation SQL query   = ”select  (  ) from  ”
2. Multi-dimensional aggregation SQL queries:
Asin relation   or attribute   in relation   , and
 ) is the secret-share of the xth user group
(∀1 ≤  ≤  ) in relation    
 which the
data user u is a member of. In the process of query
rewriting, we need to add a query condition in
the WHERE clause of the query  ′ for each user
group which the data user u is member of since
the data user u can be a member of diferent user
groups and the set of ABAC policies are mapped
into user groups in the system.</p>
        <p>′
in relation   or attribute   in relation   , and
 ) is the secret-share of the xth user group
(∀1 ≤  ≤  ) in relation</p>
        <p>which
′
the data user u is a member of. In this case, a
set of query conditions is added in the WHERE
clause of the query   using ”∧” operator. These
query conditions are specified for the user groups
which the data user u is member of and each two
query conditions are combined together using ”∨”
operator.</p>
        <p>Example 12. Assume that the data user  1 with the
credential  1 wishes to submit the query Q in the form of
”Select count(Balance) from Account where (Account Type
= ”checking”)” on relation Account (in Table 5). Such a
query is distributed to the pth server in the form of
”Select count(Balance) from Account where (Account Type
pth server as follows: ”Select count(Balance) from
Account where (Account Type = (ℎ)
 ) ∧ (( =
3) )) since the data user  1 with the
5.3.2. Query Processing</p>
      </sec>
      <sec id="sec-3-20">
        <title>In query processing, the pth server (∀1 ≤  ≤  ) exe</title>
        <p>cutes the pth aggregation SQL query  ′ over the pth
outsourced relation   (i.e., relation   in the case of
tuple level access control and relation   in the case of
attribute/cell level access control) and filters the data items
that do not satisfy the query conditions in the query   .
To find the result of string matching (i.e., which can be
′
”0” or ”1” in the form of secret-share) for each query
condition in the query  ′ , the operator ⊙ as the string
matching operator is used by the pth server including a
bit-wise multiplication followed with an addition over all
values of bits of secret-shares in the unary representation
form. It is defined as follows:

 =
( ( )
( (
⎧
⎨
⎩( (
 ) ⊙ (  )
 ) )
 ) )
⊙ (  )
⊙ (  )
if  = 
if  =  
otherwise
  ), ( (
query</p>
        <p>′
where ( ( )</p>
        <p>) is the secret-share of attribute  in the
zth tuple of relation   (i.e.,   ), ( (
 ) ) is the
secretshare of attribute   in the zth tuple of relation   (i.e.,
zth tuple of relation   (i.e.,   or   ), and (  ) is the
secret-share of the corresponding query condition in the
 ) ) is the secret-share of attribute   in the
. It should be noted that  is the aggregation
′
function in the query   . Table 4 in Example 1 shows
how this operator can be used by every individual server
for obliviously searching the string pattern ”checking”
over outsourced data.</p>
        <p>The results of string matching can be used to compute
the result of a specific aggregation function in the form
of secret-share at the pth server. Such a process varies
depending on the type of aggregation functions. In the
following, we explain in detail how to exploit the result
of string matching to process aggregation functions.</p>
      </sec>
      <sec id="sec-3-21">
        <title>1. Count Function: The result of an aggregation</title>
        <p>SQL query including ”count” function can be
computed by the pth server using the following
operation:
set of attributes in the WHERE clause of query
  (and   ), and   is the ith  in the WHERE
 ∧</p>
        <p>′
clause of query   (∀1 ≤  ≤  ). To capture
the operation ”∧” and compute the final result
for each tuple z, the pth server executes the
following computation:
 ) in the form of secret-share
 = 
 × 


To capture the operation ”∨” and compute the
ifnal result of (
 ∨</p>
        <p>) in the form of
secret-share for each tuple z, the pth server
executes the following computation:

 = 
 + 
 − 
 × 


The correctness of the output of ”count” function
can be described as if the zth tuple has ”0” in the
form of secret-share as a comparison resultant
of (((

 2) ∨ ... ∨ 

  ⊛ ...) ⊛ 
 
 )) or (((
 
 )), it will produce ”0” in the
 ∨
 1
secret-share form as the result of this operation
for the zth tuple; therefore, the zth tuple will not
counted as the result of this operation. Thus, the
correct occurrences over all tuples that satisfy the
query’s WHERE clause are counted as the result
of this operation.
2. Sum Function: The result of an aggregation SQL
query including ”sum” function can be computed
by the pth server using the following operation:

′
two queries to the data user u. Upon arrival of
Execution of Multi-Dimensional SQL Query including ”Count” Function
5.3.3. Discussion about Information Leakage
 , the query
pat in query
condiBy rewriting the aggregation SQL query Q and
introducing a set of q query conditions in the WHERE clause,
where q represents the number of user groups the data
user belongs to in the relation    
tern of Q remains hidden from adversaries. The inclusion
of secret shares of the relation    
tions prevents adversaries from inferring any
information about user groups or their associated access control
policies. Additionally, the total number of user groups
to which the data user belongs can be obscured by the
presence of fake user groups in the relation    
employing string matching-based operators for
computing the aggregation functions ”count” and ”sum” in the
query Q, QFilter conceals the access pattern during query
processing and access authorization checking. This
ensures that the identity of tuples satisfying or being filtered
out from the query Q remains hidden from adversaries
since these operators include bit-wise multiplication
followed by addition over all values of bits of secret-shares
of attributes that appear in the query condition for each
tuple. Therefore, string matching-based operators
obliviously search for string pattern matching. Moreover, the
actual values and sizes of query results are masked from
 . By
Example 13. Assume that the query   in the form of
”Select count(Balance) from Account where (Account Type
result of the query   at the pth server using the following
′
ally, it is assumed that there are no conflicts among the
access control policies specified for the aggregation
functions ”sum” and ”count” in each data item. Therefore,
utilizing string matching-based operators to compute
these aggregation functions, instead of computing the
aggregation function ”avg”, does not leak any sensitive
information. This assumption is based on the premise
that either the aggregation functions ”count” and ”sum”
are allowed to be performed for a data item by setting
the same user group for that data item, or at least one
of them is denied by setting the user group of that data
item as  0. It should be noted that although adversaries
may obtain some information about the rewritten query
such as the exact type of submitted query (i.e., simple and
multi-dimensional queries), the specific type of
aggregation function used in the query (i.e., ”count”, ”sum”, and
”avg”), the attribute to which the aggregation function is
applied, and the total number of conjunctive or
disjunctive equality query conditions, this information alone
cannot help adversaries learn about the exact value of
outsourced data, associated access control policies, query
conditions, and query results. This is because they are
represented in a secret-shared form.</p>
        <sec id="sec-3-21-1">
          <title>5.4. Query Result Collection</title>
          <p>After receiving the query results in the form of secret
shares with an identical number of bits from diferent
servers, the data user performs the Lagrange
interpolation operation on the received results to obtain the final
answer for the submitted aggregation SQL query. This
process is explained in Example 1 in Section 2.2.</p>
        </sec>
        <sec id="sec-3-21-2">
          <title>5.5. Complexity of Our Approach</title>
          <p>Table 11 presents the complexity of our proposed
solution for processing various types of aggregation SQL
queries. As depicted in Table 11, our solution entails
a single communication round between the data user
and every individual server, as well as one computation
round to scan the tuples during the server-side query
processing for all types of aggregation SQL queries. To
interpolate the query results at the data user side, only
one computation round is needed for aggregation SQL
queries including the ”count” or ”sum” functions. For
aggregation SQL queries including the ”avg” function,
it requires two computation rounds (one for ”sum” and
one for ”count”) to perform the Lagrange interpolation
operation.</p>
        </sec>
      </sec>
    </sec>
    <sec id="sec-4">
      <title>6. Experimental Evaluation</title>
      <sec id="sec-4-1">
        <title>In this section, we evaluate the overhead of QFilter for data outsourcing and privacy preserving query processing through preliminary experiments.</title>
        <p>6.1. Setup</p>
      </sec>
      <sec id="sec-4-2">
        <title>We implemented QFilter using JAVA programming lan</title>
        <p>guage and conducted our experiments on a machine
equipped with a 3.60 GHz Intel® Core™ i7-7700 CPU
and 16 GB of RAM. This machine was utilized by the
data owner, data user, and every server involved in our
experiments.</p>
        <p>For generating datasets, we employed the LINEITEM
relation from the TPC-H benchmark. To prevent an
adversary to learn about the distribution of values in the
LINEITEM relation, we added a set of zeros to the left side
of the unary representation of values in such a way that
all values contain identical bits. To create secret shares
for the values in the LINEITEM relation, we selected
different polynomials of degree 1 with randomly generated
coeficients. Table 12 provides a comprehensive list of
the parameters used in our experiments, along with their
corresponding values.
for ”Count”, S for ”Sum”, and A for ”Avg”), XY represents
the type of queries (SI for ”Simple”, CE for ”Conjunctive
Equality”, and DE for ”Disjunctive Equality”), and Z
denotes the number of query conditions in the WHERE
clause of the query (i.e., 0, 2, and 4).</p>
        <p>In [42], it is demonstrated that the utilization of the
AA method [48] for privacy-preserving query processing
has outperformed existing approaches. Therefore, our
main focus here is to evaluate the overhead of QFilter for
data outsourcing and privacy preserving query
processing in two cases: tuple-level and attribute-level policy
attachments.</p>
        <sec id="sec-4-2-1">
          <title>6.2. Experimental Results</title>
        </sec>
      </sec>
      <sec id="sec-4-3">
        <title>In this section, we present the preliminary experimental results to demonstrate the performance overhead of QFilter for data outsourcing and privacy-preserving query processing.</title>
        <p>6.2.1. Computation at the Data Owner Side
Table 13 displays the average time required to create
secret shares for the LINEITEM relation, as well as the total
size of the generated dataset. In these measurements, we
considered a scenario where the number of attributes
was 4, the number of servers was 15, and no access policy
was attached to the relation.</p>
      </sec>
      <sec id="sec-4-4">
        <title>As observed in Table 13, it is evident that both the av</title>
        <p>erage time to create secret shares and the total size of the</p>
        <p>In our setting, we randomly selected 50% of the data generated dataset increase with an increasing number
items in the LINEITEM relation as accessible data items of tuples in the LINEITEM relation. QFilter requires 16
and assigned them to the user group  1. Conversely, bytes to store each value of the LINEITEM relation in
all inaccessible data items were assigned to the default unary representation form due to the uniform bit length
user group  0 (i.e., the Min User Group). We made the of all values within the LINEITEM relation. However, the
assumption that the data user submitting an aggregation creation of secret shares can still be accomplished within
SQL query belongs to the user group  1. a short period of time (approximately 2.15 microseconds</p>
        <p>We utilized a set of aggregation SQL queries in our for each attribute of the LINEITEM relation). Similar
experiments, named in the form of F-XYZ. Here, F de- results are obtained when the number of attributes
innotes the type of aggregation function in the query (C creases. It should be noted that attributes can be added to
the LINEITEM relation to specify access policies. How- ”count”. This is due to the need for an additional
mulever, the number of attributes to be added depends on tiplication operation for each tuple in the outsourced
the type of policy attachment, whether it is at the tuple relation. Furthermore, the computation time for
processlevel or the attribute/cell level. ing SQL queries including the aggregation function ”avg”</p>
        <p>Figure 2 shows the impact of number of attributes and is approximately the same as the computation time for
tuples on the computational overhead of QFilter to create processing the corresponding SQL query with the
aggresecret shares for both types of policy attachments. As gation function ”sum”. This is because the process of
shown in Figure 2a, the computational overhead to create computing the result of the aggregation function ”avg” at
secret shares for the tuple-level policy attachment de- the server side is accomplished by simultaneously
comcreases when the number of attributes in the LINEITEM puting the results of the corresponding aggregation SQL
relation increases. The reason is that only two new at- queries, including the aggregation functions ”sum” and
tributes should be added to the LINEITEM relation for the ”count”. Since the ”sum” function has more overhead
comaggregation functions ”count” and ”sum” in our proposed pared to the ”count” function, the overall computation
approach. However, increasing the number of attributes times for processing the aggregation functions ”sum” and
in the case of attribute-level policy attachment does not ”avg” remain similar. We also observed that as the
numhave any efect on the computational overhead. This ber of query conditions increases, the computation time
is due to the fact that two new attributes (for ”count” also increases, primarily due to the increased number of
and ”sum” functions) should be added in our proposed multiplications. Additionally, the computation time for
solution to specify ABAC policies for each attribute of processing aggregation SQL queries with attribute-level
the LINEITEM relation. It is also clear from Figure 2b policy attachment is always longer than that with
tuplethat the number of tuples does not have any efect on the level policy attachment. This diference can be attributed
computational overhead for both types of policy attach- to the longer data fetching and query processing time in
ments. This is because new attributes should be added the case of attribute-level policy attachment.
for each tuple of the LINEITEM relation in the process
of policy attachment.  −   − 
)(s
n
ie4
m
T
n
o
it
ta2
u
p
m
o
C
⋅109
C-SI0 S-SI0 A-SI0 C-CE2 S-CE2 A-CE2 C-CE4 S-CE4 A-CE4 C-DE2 S-DE2 A-DE2C-DE4 S-DE4 A-DE4</p>
        <p>Query Name</p>
        <p>Based on the experimental results presented here, it is
apparent that the computational overhead for processing
an aggregation SQL query at the server side can vary
depending on several factors. These factors include the
type of query, the specific aggregation function used,
the number of query conditions, and the type of policy
attachment.</p>
        <p>6.2.3. Computation at the Data User Side
) 200
%
(d150
eah100
rev 50
O 0
 − 
  −</p>
        <p>Based on the experimental results shown here, it
is obvious that there is a trade-of between enforcing
ifner granularity of access control and the computational
overhead for creating secret shares. QFilter provides
ifner granularity to specify ABAC policies in the case of
attribute-level policy attachment, but it imposes more
computational overhead compared to the tuple-level
policy attachment for creating secret shares at the data
owner side.</p>
        <p>Figure 4a illustrates the computation time for creating
secret shares of the values of query conditions for
ag6.2.2. Computation at the Server Side gregation SQL queries C-SI0, C-CE2, and C-CE4 at the
data user side, considering varying numbers of servers.</p>
        <p>Figure 3 illustrates the computation time required to pro- The computation time increases with a higher number
cess diferent aggregation SQL queries for both types of of servers and query conditions due to additional
compolicy attachments at the server side. As depicted in Fig- putations required. However, the process can still be
ure 3, the computation time for processing SQL queries completed quickly. Figure 4b displays the computation
including the aggregation function ”sum” is longer com- time for the Lagrange interpolation operation on received
pared to SQL queries including the aggregation function</p>
        <p>15
Number of Servers
25</p>
        <p>C-CE2
Type of Query</p>
        <p>C-CE4
(sn 1 ⋅106
)
e
m
i
T
ion0.5
tt
a
u
pm 0
oC 5
results from diferent servers to obtain the final answer Attribute Based Encryption (ABE) is a public key
for aggregation SQL queries C-SI0, C-CE2, and C-CE4 for cryptographic technique that achieves data
confidentialboth types of policy attachments. As shown in Figure 4b, ity, data privacy, and access control in data
outsourcthe computation time at the data user side is approxi- ing [68, 69]. It is mainly classified into two types:
Keymately the same for both types of policy attachments Policy ABE (KP-ABE) and Ciphertext-Policy ABE
(CPand diferent types of aggregation SQL queries since the ABE). In KP-ABE solutions [31, 32, 33, 34], the
ciphertotal number of received results from diferent servers text is based on user attributes, and the user’s secret
remains constant. It is worth noting that similar results keys are based on access policies, while in CP-ABE
sowere observed for other aggregation SQL queries. lutions [35, 36, 37], the ciphertext is based on access
policies, and the user’s secret keys are based on user
 −0  −2  −4  −  − attributes. However, these solutions may inadvertently
expose user attributes and access policies to the public
and are vulnerable to inference attacks [38, 39]. In
contrast, QFilter can protect both the privacy of data users
and the privacy of access policies.
(sn 2 ⋅106
)
e
im1.5
T
ion 1
t
tau0.5
p
oCm 0 C-SI0</p>
      </sec>
    </sec>
    <sec id="sec-5">
      <title>8. Conclusion and Future Works</title>
      <p>(a) Query Distribution
(b) Result Collection</p>
      <sec id="sec-5-1">
        <title>In theory, it is possible to utilize Fully Homomorphic</title>
        <p>
          Encryption (FHE) [
          <xref ref-type="bibr" rid="ref12">20, 21, 22, 23, 24</xref>
          ] to perform arbitrary
query processing operations on a relation, but it is
extremely complex and cannot practically support various
types of queries [11, 10, 53]. By contrast, QFilter employs
Shamir’s secret sharing scheme which can eficiently
process aggregation SQL queries over secret-shared data.
        </p>
        <p>Several proposals have been suggested to improve the
performance of FHE by utilizing specific hardware such
as GPUs [54, 55, 56, 57]. However, this technique
cannot be applied to low-cost hardware. In contrast, QFilter
can be run on any hardware. Another solution to
overcome the limitations of FHE is to employ Intel SGX as a
hardware-assisted Trusted Execution Environment (TEE),
which ofers high computational eficiency, generality,
and flexibility [ 58, 59, 60, 61]. However, this solution
exposes access patterns due to side-channel attacks (such
as cache timing [62, 63, 64], branch shadowing [65], and
page fault attacks [66, 67]) on Intel SGX. In contrast,
QFilter can obliviously evaluate aggregation SQL queries over
secret-shared data without revealing access patterns and
query patterns.</p>
      </sec>
    </sec>
    <sec id="sec-6">
      <title>Acknowledgments</title>
      <sec id="sec-6-1">
        <title>This work was partially funded by the BMWK project</title>
        <p>SafeFBDC (01MK21002K), the National Research Center
ATHENE, and the BMBF project TrustDBle (16KIS1267).</p>
        <p>We also want to thank hessian.AI at TU Darmstadt as
well as DFKI Darmstadt for the support.
cloud using fully homomorphic encryption, in: Pro- [31] V. Goyal, O. Pandey, A. Sahai, B. Waters,
Attributeceedings of the Second Workshop on Data Analytics based encryption for fine-grained access control
in the Cloud, ACM Press, New York, NY, USA, 2013, of encrypted data, in: Proceedings of the 13th
pp. 36–40. ACM conference on computer and communications
[21] M. Kim, H. T. Lee, S. Ling, B. H. M. Tan, H. Wang, security, ACM Press, New York, NY, USA, 2006, p.</p>
        <p>Private compound wildcard queries using fully ho- 89–98.
momorphic encryption, IEEE Transactions on De- [32] R. Ostrovsky, A. Sahai, B. Waters,
Attributependable and Secure Computing 16 (2019) 743–756. based encryption with non-monotonic access
struc[22] D. Boneh, C. Gentry, S. Halevi, F. Wang, D. J. Wu, tures, in: Proceedings of the 14th ACM conference
Private database queries using somewhat homomor- on computer and communications security, ACM
phic encryption, in: Proceedings of International Press, New York, NY, USA, 2007, p. 195–203.
Conference on Applied Cryptography and Network [33] A. Lewko, A. Sahai, B. Waters, Revocation
sysSecurity, Springer-Verlag, Berlin, Germany, 2013, tems with very small private keys, in:
Proceedpp. 102–118. ings of the 2010 IEEE Symposium on Security and
[23] M. Kim, H. T. Lee, S. Ling, H. Wang, On the efi- Privacy, IEEE Computer Society, Washington, DC,
ciency of fhe-based private queries, IEEE Trans- USA, 2010, pp. 273–285.
actions on Dependable and Secure Computing 15 [34] N. Attrapadung, B. Libert, E. de Panafieu,
Expres(2018) 357–363. sive key-policy attribute-based encryption with
[24] B. H. M. Tan, H. T. Lee, H. Wang, S. Ren, K. M. M. constant-size ciphertexts, in: Proceedings of the
InAung, Eficient private comparison queries over ternational Workshop on Public Key Cryptography,
encrypted databases using fully homomorphic en- Springer-Verlag, Berlin, Germany, 2011, p. 90–108.
cryption with finite fields, IEEE Transactions [35] J. Bethencourt, A. Sahai, B. Waters,
Ciphertexton Dependable and Secure Computing 18 (2021) policy attribute-based encryption, in: Proceedings
2861–2874. of the IEEE Symposium on Security and Privacy,
[25] E. Damiani, S. D. C. Vimercati, S. Jajodia, S. Para- IEEE Computer Society, Washington, DC, USA,
boschi, P. Samarati, Balancing confidentiality and 2007, pp. 321–334.
eficiency in untrusted relational dbmss, in: Pro- [36] L. Cheung, C. Newport, Provably secure ciphertext
ceedings of the 10th ACM conference on computer policy abe, in: Proceedings of the 14th ACM
conand communications security, ACM Press, New ference on Computer and communications security,
York, NY, USA, 2003, p. 93–102. ACM Press, New York, NY, USA, 2007, p. 456–465.
[26] S. Wang, D. Agrawal, A. E. Abbadi, A comprehen- [37] X. Liang, Z. Cao, H. Lin, D. Xing, Provably secure
sive framework for secure query processing on re- and eficient bounded ciphertext policy attribute
lational data in the cloud, in: Workshop on Secure based encryption, in: Proceedings of the 4th
InData Management, Springer-Verlag, Berlin, Ger- ternational Symposium on Information, Computer,
many, 2011, p. 52–69. and Communications Security, ACM Press, New
[27] M. Nabeel, E. Bertino, Privacy preserving dele- York, NY, USA, 2009, p. 343–352.
gated access control in public clouds, IEEE Transac- [38] J. Hao, J. Liu, H. Wang, L. Liu, M. Xian, X. Shen,
tions on Knowledge and Data Engineering 26 (2014) Eficient attribute-based access control with
autho2268–2280. rized search in cloud storage, IEEE Access 7 (2019)
[28] M. Nabeel, E. Bertino, Privacy preserving delegated 182772–182783.</p>
        <p>access control in the storage as a service model, [39] K. Yang, Q. Han, H. Li, K. Zheng, Z. Su, X. Shen,
in: Proceedings of the IEEE 13th International Con- An eficient and fine-grained big data access
conference on Information Reuse &amp; Integration, IEEE trol scheme with privacy-preserving policy, IEEE
Computer Society, Washington, DC, USA, 2012, pp. Internet of Things Journal 4 (2017) 563–571.
645–652. [40] S. Dolev, P. Gupta, Y. Li, S. Mehrotra, S. Sharma,
[29] B. Hore, S. Mehrotra, G. Tsudik, A privacy- Privacy-preserving secret shared computations
uspreserving index for range queries, in: Proceedings ing mapreduce, IEEE Transactions on Dependable
of the 13th international conference on very large and Secure Computing 18 (2021) 1645–1666.
data bases, Springer-Verlag, Berlin, Germany, 2004, [41] H. Corrigan-Gibbs, D. Boneh, Prio: Private, robust,
p. 720–731. and scalable computation of aggregate statistics, in:
[30] A. Sahai, B. Waters, Fuzzy identity-based encryp- 14th USENIX symposium on networked systems
tion, in: Proceedings of the Annual International design and implementation, ACM Press, New York,
Conference on the Theory and Applications of NY, USA, 2017, pp. 259–282.</p>
        <p>Cryptographic Techniques, Springer-Verlag, Berlin, [42] P. Gupta, Y. Li, S. Mehrotra, N. Panwar, S. Sharma,
Germany, 2005, p. 457–473. S. Almanee, Obscure: Information-theoretically
secure, oblivious, and verifiable aggregation queries Proceedings of 2014 IEEE International Symposium
on secret-shared outsourced data, IEEE Transac- on Circuits and Systems, IEEE Computer Society,
tions on Knowledge and Data Engineering 34 (2022) Washington, DC, USA, 2014, pp. 2800–2803.
843–864. [57] Özgün Özerk, C. Elgezen, A. C. Mert, E. Öztürk,
[43] F. Emekci, A. Methwally, D. Agrawal, A. ElAbbadi, E. Savaş, Eficient number theoretic transform
Dividing secrets to secure data outsourcing, Infor- implementation on gpu for homomorphic
encrypmation Sciences 263 (2014) 198–210. tion, The Journal of Supercomputing 78 (2022)
[44] A. Shamir, How to share a secret, Communications 2840–2872.</p>
        <p>of the ACM 22 (1979) 612–613. [58] Y. Chen, Q. Zheng, Z. Yan, D. Liu, Qshield:
Protect[45] V. Attasena, J. Darmont, N. Harbi, Secret sharing ing outsourced cloud data queries with multi-user
for cloud data security: a survey, The VLDB Journal access control based on sgx, IEEE Transactions on
26 (2017) 657–681. Parallel and Distributed Systems 32 (2021) 485–499.
[46] A. Chandramouli, A. Choudhury, A. Patra, A survey [59] F. Schuster, M. Costa, C. Fournet, C. Gkantsidis,
on perfectly-secure verifiable secret-sharing, ACM M. Peinado, G. Mainar-Ruiz, M. Russinovich, Vc3:
Computing Surveys 54 (2022) 1–36. Trustworthy data analytics in the cloud using sgx,
[47] C. Blundo, D. R. Stinson, Anonymous secret sharing in: Proceedings of 2015 IEEE Symposium on
Secuschemes, Discrete Applied Mathematics 77 (1997) rity and Privacy, IEEE Computer Society,
Washing13–28. ton, DC, USA, 2015, pp. 38–54.
[48] S. Dolev, N. Gilboa, X. Li, Accumulating automata [60] W. Sun, R. Zhang, W. Lou, Y. T. Hou, Rearguard:
and cascaded equations automata for communi- Secure keyword search using trusted hardware, in:
cationless information theoretically secure multi- Proceedings of IEEE Conference on Computer
Comparty computation, Theoretical Computer Science munications, IEEE Computer Society, Washington,
795 (2019) 81–99. DC, USA, 2018, pp. 801–809.
[49] D. Servos, S. L. Osborn, Current research and open [61] S. Bajaj, R. Sion, Trusteddb: A trusted
hardwareproblems in attribute-based access control, ACM based database with privacy and data
confidentialComputing Surveys 49 (2017) 1–45. ity, in: Proceedings of the 2011 ACM SIGMOD
[50] L. Wang, D. Wijesekera, S. Jajodia, A logic-based International Conference on Management of data,
framework for attribute based access control, in: ACM Press, New York, NY, USA, 2011, p. 205–216.
Proceedings of the 2004 ACM workshop on formal [62] J. Götzfried, M. Eckert, S. Schinzel, T. Müller, Cache
methods in security engineering, ACM Press, New attacks on intel sgx, in: Proceedings of the 10th
York, NY, USA, 2004, p. 45–55. European Workshop on Systems Security, ACM
[51] K. Frikken, M. Atallah, J. Li, Attribute-based access Press, New York, NY, USA, 2017, pp. 1–6.
control with hidden policies and hidden creden- [63] A. Moghimi, G. Irazoqui, T. Eisenbarth, Cachezoom:
tials, IEEE Transactions on Computers 55 (2006) How sgx amplifies the power of cache attacks, in:
1259–1270. Proceedings of the International Conference on
[52] X. Zhang, Y. Li, D. Nalla, An attribute-based access Cryptographic Hardware and Embedded Systems,
matrix model, in: Proceedings of the 2005 ACM Springer-Verlag, Berlin, Germany, 2017, p. 69–90.
Symposium on Applied Computing, ACM Press, [64] M. Schwarz, S. Weiser, D. Gruss, C. Maurice, S.
ManNew York, NY, USA, 2005, p. 359–363. gard, Malware guard extension: abusing intel sgx
[53] M. A. Hadavi, R. Jalili, E. Damiani, S. Cimato, Secu- to conceal cache attacks, Cybersecurity 3 (2020).
rity and searchability in secret sharing-based data [65] S. Hosseinzadeh, H. Liljestrand, V. Leppänen,
outsourcing, International Journal of Information A. Paverd, Mitigating branch-shadowing attacks
Security 14 (2015) 513–529. on intel sgx using control flow randomization, in:
[54] W. Wang, Y. Hu, L. Chen, X. Huang, B. Sunar, Accel- Proceedings of the 3rd Workshop on System
Softerating fully homomorphic encryption using gpu, ware for Trusted Execution, ACM Press, New York,
in: Proceedings of 2012 IEEE Conference on High NY, USA, 2018, p. 42–47.</p>
        <p>Performance Extreme Computing, IEEE Computer [66] K. Murdock, D. Oswald, F. D. Garcia, J. V. Bulck,
Society, Washington, DC, USA, 2012, pp. 1–5. D. Gruss, F. Piessens, Plundervolt: Software-based
[55] A. A. Badawi, B. Veeravalli, J. Lin, N. Xiao, fault injection attacks against intel sgx, in:
ProM. Kazuaki, A. K. M. Mi, Multi-gpu design and ceedings of the IEEE Symposium on Security and
performance evaluation of homomorphic encryp- Privacy, IEEE Computer Society, Washington, DC,
tion on gpu clusters, IEEE Transactions on Parallel USA, 2020, pp. 1466–1482.</p>
        <p>and Distributed Systems 32 (2021) 379–391. [67] S. Fei, Z. Yan, W. Ding, H. Xie, Security
vulnerabili[56] W. Wang, Z. Chen, X. Huang, Accelerating lev- ties of sgx and countermeasures: A survey, ACM
eled fully homomorphic encryption using gpu, in: Computing Surveys 54 (2022) 1–36.
[68] Y. Zhang, R. H. Deng, S. Xu, J. Sun, Q. Li, D. Zheng,</p>
        <p>Attribute-based encryption for cloud computing
access control: A survey, ACM Computing Surveys
53 (2021) 83:1–41.
[69] P. P. Kumar, P. S. Kumar, P. J. A. Alphonse,
Attribute based encryption in cloud computing: A
survey, gap analysis, and future directions, Journal
of Network and Computer Applications 108 (2018)
37–52.</p>
      </sec>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          3.
          <article-title>Design an algorithm to create a set of bins over [9</article-title>
          ]
          <string-name>
            <given-names>S.</given-names>
            <surname>Rizvi</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Mendelzon</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Sudarshan</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Roy</surname>
          </string-name>
          ,
          <article-title>Exthe domain of the attribute values and organize tending query rewriting techniques for fine-grained these bins into an index tree, which can be used access control, in: Proceedings of the 2004 ACM to process range queries over secret shared data</article-title>
          .
          <source>SIGMOD international conference on Management</source>
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          4.
          <article-title>Design algorithms to process complex aggrega- of data</article-title>
          , ACM Press, New York, NY, USA,
          <year>2004</year>
          , p.
          <source>tion SQL queries, including multiple aggregation 551-562</source>
          .
          <article-title>functions with inequality conditions in the query</article-title>
          . [10]
          <string-name>
            <given-names>M. I.</given-names>
            <surname>Sarfraz</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Nabeel</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Cao</surname>
          </string-name>
          , E. Bertino, Dbmask:
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          5.
          <string-name>
            <surname>Conduct</surname>
          </string-name>
          <article-title>a comprehensive experiment to evaluate Fine-grained access control on encrypted relational the eficiency and scalability of QFilter compared databases</article-title>
          ,
          <source>Transactions on Data Privacy</source>
          <volume>9</volume>
          (
          <year>2016</year>
          )
          <article-title>to existing approaches for privacy-preserving 187-214</article-title>
          . query processing. [11]
          <string-name>
            <given-names>M. I.</given-names>
            <surname>Sarfraz</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Nabeel</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Cao</surname>
          </string-name>
          , E. Bertino, Dbmask:
          <article-title>Fine-grained access control on encrypted relational databases</article-title>
          ,
          <source>in: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy</source>
          , ACM Press, New York, NY, USA,
          <year>2015</year>
          , pp.
          <fpage>1</fpage>
          -
          <lpage>11</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          [12]
          <string-name>
            <given-names>J.-G.</given-names>
            <surname>Lee</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K.-Y.</given-names>
            <surname>Whang</surname>
          </string-name>
          , W.-S. Han, I.-Y. Song,
          <article-title>The dynamic predicate: integrating access control with query processing in xml databases</article-title>
          ,
          <source>The VLDB Journal</source>
          <volume>16</volume>
          (
          <year>2007</year>
          )
          <fpage>371</fpage>
          -
          <lpage>387</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          [13]
          <string-name>
            <given-names>M.</given-names>
            <surname>Mirabi</surname>
          </string-name>
          ,
          <string-name>
            <given-names>H.</given-names>
            <surname>Ibrahim</surname>
          </string-name>
          ,
          <string-name>
            <given-names>L.</given-names>
            <surname>Fathi</surname>
          </string-name>
          ,
          <string-name>
            <given-names>N. I.</given-names>
            <surname>Udzir</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Mamat</surname>
          </string-name>
          ,
          <article-title>A dynamic compressed accessibility map for secure xml querying and updating</article-title>
          ,
          <source>Journal of Information Science &amp; Engineering</source>
          <volume>31</volume>
          (
          <year>2015</year>
          )
          <fpage>59</fpage>
          -
          <lpage>93</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          [14]
          <string-name>
            <given-names>M.</given-names>
            <surname>Mirabi</surname>
          </string-name>
          ,
          <string-name>
            <given-names>H.</given-names>
            <surname>Ibrahim</surname>
          </string-name>
          ,
          <string-name>
            <given-names>N. I.</given-names>
            <surname>Udzir</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Mamat</surname>
          </string-name>
          ,
          <article-title>A compact bit string accessibility map for secure xml query processing</article-title>
          ,
          <source>Procedia Computer Science</source>
          <volume>10</volume>
          (
          <year>2012</year>
          )
          <fpage>1172</fpage>
          -
          <lpage>1179</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          [15]
          <string-name>
            <given-names>B.</given-names>
            <surname>Luo</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Lee</surname>
          </string-name>
          ,
          <string-name>
            <given-names>W.-C.</given-names>
            <surname>Lee</surname>
          </string-name>
          , P. Liu,
          <article-title>Qfilter: finegrained run-time xml access control via nfa-based query rewriting</article-title>
          ,
          <source>in: Proceedings of the 13 ACM international conference on Information and knowledge management</source>
          , ACM Press, New York, NY, USA,
          <year>2004</year>
          , p.
          <fpage>543</fpage>
          -
          <lpage>552</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          [16]
          <string-name>
            <given-names>R. A.</given-names>
            <surname>Popa</surname>
          </string-name>
          ,
          <string-name>
            <given-names>C. M. S.</given-names>
            <surname>Redfield</surname>
          </string-name>
          ,
          <string-name>
            <given-names>N.</given-names>
            <surname>Zeldovich</surname>
          </string-name>
          ,
          <string-name>
            <given-names>H.</given-names>
            <surname>Balakrishnan</surname>
          </string-name>
          , Cryptdb:
          <article-title>Protecting confidentiality with encrypted query processing</article-title>
          ,
          <source>in: Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP '11)</source>
          , ACM Press, New York, NY, USA,
          <year>2011</year>
          , pp.
          <fpage>85</fpage>
          -
          <lpage>100</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          [17]
          <string-name>
            <given-names>D. T. T.</given-names>
            <surname>Anh</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Datta</surname>
          </string-name>
          ,
          <article-title>Streamforce: outsourcing access control enforcement for stream data to the clouds</article-title>
          ,
          <source>in: Proceedings of the 4th ACM conference on Data and application security and privacy</source>
          , ACM Press, New York, NY,
          <year>2014</year>
          , p.
          <fpage>13</fpage>
          -
          <lpage>24</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          [18]
          <string-name>
            <given-names>C.</given-names>
            <surname>Thoma</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A. J.</given-names>
            <surname>Lee</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Labrinidis</surname>
          </string-name>
          , Polystream:
          <article-title>Cryptographically enforced access controls for outsourced data stream processing</article-title>
          ,
          <source>in: Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies</source>
          , ACM Press, New York, NY, USA,
          <year>2016</year>
          , p.
          <fpage>227</fpage>
          -
          <lpage>238</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          [19]
          <string-name>
            <given-names>J.</given-names>
            <surname>Li</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Li</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Z.</given-names>
            <surname>Liu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>C.</given-names>
            <surname>Jia</surname>
          </string-name>
          ,
          <article-title>Enabling eficient and secure data sharing in cloud computing</article-title>
          ,
          <source>Concurrency and Computation: Practice and Experience</source>
          <volume>26</volume>
          (
          <year>2014</year>
          )
          <fpage>1052</fpage>
          -
          <lpage>1066</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>
          [20]
          <string-name>
            <given-names>M.</given-names>
            <surname>Mani</surname>
          </string-name>
          ,
          <article-title>Enabling secure query processing in the</article-title>
        </mixed-citation>
      </ref>
      <ref id="ref13">
        <mixed-citation>
          [1]
          <string-name>
            <given-names>J.</given-names>
            <surname>Li</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Lin</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A. C.</given-names>
            <surname>Squicciarini</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Li</surname>
          </string-name>
          ,
          <string-name>
            <given-names>C.</given-names>
            <surname>Jia</surname>
          </string-name>
          ,
          <article-title>Towards privacy-preserving storage and retrieval in multiple clouds</article-title>
          ,
          <source>IEEE Transactions on Cloud Computing</source>
          <volume>5</volume>
          (
          <year>2017</year>
          )
          <fpage>499</fpage>
          -
          <lpage>509</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref14">
        <mixed-citation>
          [2]
          <string-name>
            <given-names>M.</given-names>
            <surname>Li</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Yu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K.</given-names>
            <surname>Ren</surname>
          </string-name>
          ,
          <string-name>
            <given-names>W.</given-names>
            <surname>Lou</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Y. T.</given-names>
            <surname>Hou</surname>
          </string-name>
          ,
          <article-title>Toward privacy-assured and searchable cloud data storage services</article-title>
          ,
          <source>IEEE Network 27</source>
          (
          <year>2013</year>
          )
          <fpage>56</fpage>
          -
          <lpage>62</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref15">
        <mixed-citation>
          [3]
          <string-name>
            <given-names>Y.</given-names>
            <surname>Mansouri</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A. N.</given-names>
            <surname>Toosi</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Buyya</surname>
          </string-name>
          ,
          <article-title>Data storage management in cloud environments: Taxonomy, survey, and future directions</article-title>
          ,
          <source>ACM Computing Surveys</source>
          <volume>50</volume>
          (
          <year>2018</year>
          )
          <fpage>1</fpage>
          -
          <lpage>51</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref16">
        <mixed-citation>
          [4]
          <string-name>
            <given-names>J.</given-names>
            <surname>Wei</surname>
          </string-name>
          ,
          <string-name>
            <given-names>W.</given-names>
            <surname>Liu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>X.</given-names>
            <surname>Hu</surname>
          </string-name>
          ,
          <article-title>Secure data sharing in cloud computing using revocable-storage identity-based encryption</article-title>
          ,
          <source>IEEE Transactions on Cloud Computing</source>
          <volume>6</volume>
          (
          <year>2018</year>
          )
          <fpage>1136</fpage>
          -
          <lpage>1148</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref17">
        <mixed-citation>
          [5]
          <string-name>
            <given-names>C.</given-names>
            <surname>Ge</surname>
          </string-name>
          ,
          <string-name>
            <given-names>W.</given-names>
            <surname>Susilo</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Z.</given-names>
            <surname>Liu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Xia</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Szalachowski</surname>
          </string-name>
          , L. Fang,
          <article-title>Secure keyword search and data sharing mechanism for cloud computing</article-title>
          ,
          <source>IEEE Transactions on Dependable and Secure Computing</source>
          <volume>18</volume>
          (
          <year>2021</year>
          )
          <fpage>2787</fpage>
          -
          <lpage>2800</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref18">
        <mixed-citation>
          [6]
          <string-name>
            <given-names>C.</given-names>
            <surname>Wang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>N.</given-names>
            <surname>Cao</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K.</given-names>
            <surname>Ren</surname>
          </string-name>
          , W. Lou,
          <article-title>Enabling secure and eficient ranked keyword search over outsourced cloud data</article-title>
          ,
          <source>IEEE Transactions on Parallel and Distributed System</source>
          <volume>23</volume>
          (
          <year>2012</year>
          )
          <fpage>1467</fpage>
          -
          <lpage>1479</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref19">
        <mixed-citation>
          [7]
          <string-name>
            <given-names>R. S.</given-names>
            <surname>Sandhu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.</given-names>
            <surname>Samarati</surname>
          </string-name>
          ,
          <article-title>Access control: principle and practice</article-title>
          ,
          <source>IEEE communications magazine 32</source>
          (
          <year>1994</year>
          )
          <fpage>40</fpage>
          -
          <lpage>48</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref20">
        <mixed-citation>
          [8]
          <string-name>
            <given-names>I.</given-names>
            <surname>Indu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P. M. R.</given-names>
            <surname>Anand</surname>
          </string-name>
          ,
          <string-name>
            <given-names>V.</given-names>
            <surname>Bhaskar</surname>
          </string-name>
          ,
          <article-title>Identity and access management in cloud environment: Mechanisms and challenges, Engineering science</article-title>
          and technology, an
          <source>international journal 21</source>
          (
          <year>2018</year>
          )
          <fpage>574</fpage>
          -
          <lpage>588</lpage>
          .
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>