Published in: Annals of Telecommunications 5-6/2017

21.11.2016

EACF: extensible access control framework for cloud environments

Authors: Faria Mehak, Rahat Masood, Muhammad Awais Shibli, Islam Elgedway


Abstract

Dynamic authorization and continuous monitoring of resource usage in cloud environments is a challenge. Moreover, existing access control techniques are not well suited to all types of cloud-hosted applications, for two main reasons. First, they lack features such as generality, extensibility, and flexibility. Second, they are static: once a user has been authorized, the access request is not re-evaluated during or after resource usage. Every application hosted in the cloud has its own requirements for evaluating access requests; some applications only require evaluation before resources are assigned, while others require continuous monitoring of resource usage together with dynamic updates of attribute values. To address these diverse requirements, we present an Extensible Access Control Framework (EACF) for cloud-based applications, which provides high-level extensibility by incorporating different access control models according to the needs of the cloud service consumers (organizations). A number of access control models are combined in the EACF, which provides a reliable authorization service for managing and controlling access to SaaS-hosted cloud applications. It also helps cloud consumers provide authorized access to resources (data) and contributes to eliminating the need to write customized security code for individual applications. As a case study, three access control models are incorporated into the framework and tested on the SaaS-hosted application DSpace to ascertain that the proposed features are functional.


Footnotes
1
SaaS is a service delivery model in which software and related functionality are provided remotely as web-based services over the network. Under this model, users no longer need to install applications and services on their local systems; instead, all services are provided and managed over the Internet, and software and hardware management is no longer a concern for application users.
 
2
OASIS XACML 3.0 is used as the baseline of the proposed framework. The PDP, PEP, and PAP are the only XACML components used; they serve the purpose of processing authorization requests and responses. (XACML also defines a context handler and a Policy Information Point, which are not used here.) The objective of using XACML in the framework is to provide a common underlying policy language format: XACML is a standardized policy specification language, and it forms the base of the framework.
 
3
OASIS provides an example XACML profile for RBAC. We took that RBAC profile as a sample and used its basic constructs to develop profiles for UCON, ABAC, and FGAC. The first step in developing a generic framework is to construct the XACML profile of each model, convert it into code, and plug it into the framework. If EACF needs to incorporate a new access control model, its profile must first be developed and then incorporated into the framework using Balana or any other suitable XACML implementation.
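The pre-authorization versus continuous-evaluation distinction drawn in the abstract, and the PAP/PDP/PEP split and per-model profile plug-in described in footnotes 2 and 3, as an added Python example that is not the paper's code and not Balana. It models each access control model as a "profile" of rules registered with a PAP; the PDP evaluates a request against every applicable rule (deny-overrides), and the PEP performs a pre-authorization check and then re-evaluates the UCON-style ongoing rules on every unit of usage while a mutable attribute is updated. The rule set, the attribute names (`roles`, `dept`, `downloads_left`), the `item`/`read` resource and action identifiers, and the sample requests are all assumptions constructed for this example; real EACF policies are XACML documents evaluated by an XACML engine.

```python
"""Added example (not the paper's code): a minimal XACML-style PAP/PDP/PEP core with
pluggable model profiles (RBAC, ABAC, UCON). Rules, attribute names and requests are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Request = Dict[str, dict]  # {"subject": {...}, "resource": {...}, "action": {...}}


@dataclass
class Policy:
    """One rule of a model profile; target/condition mirror XACML <Target>/<Condition>."""
    target: Callable[[Request], bool]
    condition: Callable[[Request], bool]
    ongoing: bool = False  # UCON: re-evaluate this rule while the resource is in use
    on_usage: Optional[Callable[[Request], None]] = None  # UCON: mutable-attribute update


class PAP:
    """Policy Administration Point: one profile (list of rules) per access control model."""
    def __init__(self) -> None:
        self.profiles: Dict[str, List[Policy]] = {}

    def register_profile(self, model: str, rules: List[Policy]) -> None:
        # Plugging in a new model = registering its profile; PDP and PEP stay unchanged.
        self.profiles[model] = rules

    def applicable(self, req: Request) -> List[Policy]:
        return [p for rules in self.profiles.values() for p in rules if p.target(req)]


class PDP:
    """Policy Decision Point, deny-overrides: every applicable rule must hold to Permit."""
    def __init__(self, pap: PAP) -> None:
        self.pap = pap

    def evaluate(self, req: Request, phase: str = "pre") -> str:
        rules = self.pap.applicable(req)
        if phase == "ongoing":  # during usage only the ongoing (UCON-style) rules are re-checked
            rules = [p for p in rules if p.ongoing]
        if not rules:
            return "NotApplicable"
        return "Permit" if all(p.condition(req) for p in rules) else "Deny"


class PEP:
    """Policy Enforcement Point: pre-authorization plus continuous usage monitoring."""
    def __init__(self, pdp: PDP) -> None:
        self.pdp = pdp

    def authorize(self, req: Request) -> bool:
        return self.pdp.evaluate(req, "pre") == "Permit"

    def use(self, req: Request, units: int) -> int:
        """Serve up to `units` usage steps, revoking when an ongoing check denies; returns units served."""
        if not self.authorize(req):
            return 0
        served = 0
        for _ in range(units):
            if self.pdp.evaluate(req, "ongoing") == "Deny":  # attributes may have changed
                break
            served += 1
            for p in self.pdp.pap.applicable(req):
                if p.on_usage:
                    p.on_usage(req)  # post-update, e.g. consume one unit of quota
        return served


def build_pdp() -> PDP:
    pap = PAP()
    # RBAC profile: only the "librarian" role may read repository items.
    pap.register_profile("rbac", [Policy(
        target=lambda r: r["action"]["id"] == "read" and r["resource"]["type"] == "item",
        condition=lambda r: "librarian" in r["subject"]["roles"])])
    # ABAC profile: subject and resource must belong to the same department.
    pap.register_profile("abac", [Policy(
        target=lambda r: r["resource"]["type"] == "item",
        condition=lambda r: r["subject"]["dept"] == r["resource"]["dept"])])
    # UCON profile: a download quota, consumed during usage and re-checked on every unit.
    def consume(r: Request) -> None:
        r["subject"]["downloads_left"] -= 1
    pap.register_profile("ucon", [Policy(
        target=lambda r: r["action"]["id"] == "read",
        condition=lambda r: r["subject"]["downloads_left"] > 0,
        ongoing=True, on_usage=consume)])
    return PDP(pap)


def make_request(roles: List[str], dept: str, quota: int, res_dept: str = "cs") -> Request:
    # Constructed sample request in XACML's subject/resource/action shape.
    return {"subject": {"roles": roles, "dept": dept, "downloads_left": quota},
            "resource": {"type": "item", "dept": res_dept}, "action": {"id": "read"}}


def run_demo() -> dict:
    pep = PEP(build_pdp())
    ok = make_request(["librarian"], "cs", quota=3)
    return {
        "pre_permit": pep.authorize(ok),
        "rbac_denied": pep.authorize(make_request(["student"], "cs", 3)),
        "abac_denied": pep.authorize(make_request(["librarian"], "ee", 3)),
        "units_before_revocation": pep.use(ok, 10),  # quota of 3: 3 units served, then revoked
        "re_authorize_after_quota": pep.authorize(ok),  # quota is now 0, so a fresh request is denied
    }
```

Calling `run_demo()` exercises the three situations the abstract distinguishes: a request rejected before any resource is assigned (role or department mismatch), a request permitted and then cut off after three usage units when the quota reaches zero, and the same subject denied on a fresh request because the attribute update made during usage persists. A purely static model would grant the first request and never revisit it, which is exactly the gap the ongoing phase closes.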
 
Metadata
Title
EACF: extensible access control framework for cloud environments
Authors
Faria Mehak
Rahat Masood
Muhammad Awais Shibli
Islam Elgedway
Publication date
21.11.2016
Publisher
Springer Paris
Published in
Annals of Telecommunications / Issue 5-6/2017
Print ISSN: 0003-4347
Electronic ISSN: 1958-9395
DOI
https://doi.org/10.1007/s12243-016-0548-1
