摘要 |
Methods, systems, and computer-readable storage media for enforcing access control in encrypted query processing. Implementations include actions of obtaining a set of user groups based on the user credential and a user group mapping, obtaining a set of relations based on the query, obtaining a set of virtual relations based on the set of user groups and the set of relations, receiving a first rewritten query based on the set of virtual relations and a query rewriting operation, encrypting the first rewritten query to provide an encrypted query, and transmitting the encrypted query to at least one server computing device over a network for execution of the encrypted query over access controlled, encrypted data. |
主权项 |
1. A computer-implemented method for enforcing access control in encrypted query processing, the method being executed using one or more processors and comprising:
receiving, by the one or more processors, a query and a user credential, the user credential uniquely identifying a user requesting execution of the query; obtaining, by the one or more processors, a set of user groups based on the user credential and a user group mapping, the set of user groups comprising at least one user group; obtaining, by the one or more processors, a set of relations based on the query; obtaining, by the one or more processors, a set of virtual relations based on the set of user groups and the set of relations, the set of virtual relations comprising at least one virtual relation; receiving, by the one or more processors, a first rewritten query based on the set of virtual relations and a query rewriting operation; encrypting, by the one or more processors, the first rewritten query to provide an encrypted query; and transmitting, by the one or more processors, the encrypted query to at least one server computing device over a network for execution of the encrypted query over access controlled, encrypted data. |