Recent approaches for protecting information in data out-

sourcing scenarios exploit the combined use of access control

and cryptography. In this context, the number of keys to be

distributed and managed by users can be maintained limited

by using a public catalog of tokens that allow key derivation

along a hierarchy. However, the public token catalog, by

expressing the key derivation relationships, may leak infor-

mation on the security policies (authorizations) enforced by

the system, which the data owner may instead wish to main-

tain con¯ dential.