Users and companies are increasingly resorting to external providers for
storing their data and making them available to others. Since data sharing
is typically selective (i.e., access to certain data should be allowed only to
authorized users), there is the problem of enforcing authorizations on the
outsourced data. Recently proposed approaches based on selective encryption
provide convenient enforcement of read privileges, but are not directly
applicable for supporting write privileges.
In this paper, we extend selective encryption approaches to support
write privileges. Our proposal enriches the approach based on key derivation
of existing solutions and complements it with a hash-based approach for
supporting write privileges. Enforcement of write privileges and of possible
policy updates relies on the (controlled) cooperation of the external provider.
Our solution also allows the data owner and the users to verify the integrity
of the outsourced data.