nach oben

The Journal of Supercomputing

Erschienen in:

01.03.2014

Ontology-based access control model for security policy reasoning in cloud computing

verfasst von: Chang Choi, Junho Choi, Pankoo Kim

Erschienen in: The Journal of Supercomputing | Ausgabe 3/2014

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

There are many security issues in cloud computing service environments, including virtualization, distributed big-data processing, serviceability, traffic management, application security, access control, authentication, and cryptography, among others. In particular, data access using various resources requires an authentication and access control model for integrated management and control in cloud computing environments. Cloud computing services are differentiated according to security policies because of differences in the permitted access right between service providers and users. RBAC (Role-based access control) and C-RBAC (Context-aware RBAC) models do not suggest effective and practical solutions for managers and users based on dynamic access control methods, suggesting a need for a new model of dynamic access control that can address the limitations of cloud computing characteristics. This paper proposes Onto-ACM (ontology-based access control model), a semantic analysis model that can address the difference in the permitted access control between service providers and users. The proposed model is a model of intelligent context-aware access for proactively applying the access level of resource access based on ontology reasoning and semantic analysis method.

Vorheriger Artikel A secure file sharing service for distributed computing environments

Nächster Artikel A new clustering algorithm based on data field in complex networks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

This paper extends our previous work published on MIST 2012 [18].

Li X, He J (2011) A user-centric method for data privacy protection in cloud computing. In: 2011 international conference on computer, electrical, and systems sciences and engineering, pp 355–358

Bowen BM, Ben Salem M, Hershkop S (2009) Designing host and network sensors to mitigate the insider threat. IEEE Security Privacy Mag 7(6):22–29 CrossRef

Ferraiolo DF, Richard Kuhn D, Chandramouli R (2003) Role-based access control. Artech House, Norwood MATH

Corradi A, Montanari R, Tibaldi D (2004) Context-based access control for ubiquitous service provisioning. In: Proceedings of the 28th annual international computer software and applications conference, Sep. IEEE Press, New York, pp 444–451

Han W, Zhang J, Yao X (2005) Context-sensitive access control model and implementation. In: Proceedings of the fifth international conference on computer and information technology. IEEE Press, New York, pp 757–763

Cappelli D, Moore A, Trzeciak R, Shimeall TJ (2006) Common sense guide to prevention and detection of insider threats. Carnegie Mellon University

Ahn G-J, Sandhu R (2000) Role-based authorization constraints specification. ACM Trans Inf Syst Secur 3(4):207–226 CrossRef

Bertino E, Bonatti PA, Ferrari E (2001) Trbac: a temporal role-based access control model. ACM Trans Inf Syst Secur 4(3):191–233 CrossRef

Joshi JBD, Bertino E, Latif U, Ghafoor A (2005) A generalized temporal role-based access control model. IEEE Trans Knowl Data Eng 17(1):4–23 CrossRef

10.

Li N, Tripunitara MV (2006) Security analysis in role-based access control. ACM Trans Inf Syst Secur 9(4):391–420 CrossRef

11.

Finin T, Joshi A, Kagal L, Niu J, Sandhu R, Winsborough W, Thuraisingham B (2008) ROWLBAC: representing role based access control in OWL. In: Proceedings of the 13th ACM symposium on access control models and technologies. ACM, New York, pp 73–82 CrossRef

12.

Macfie A, Kataria P, Koay N, Dagdeviren H, Juric R, Madani K (2008) Ontology based access control derived from dynamic RBAC and its context constraints. In: Proceedings of the 11th international conference on integrated design and process technology (IDPT 2008), Taichung, Taiwan, 1–6 June 2008

13.

Kalajainen T (2007) An access control model in a semantic data structure: case process modelling of a bleaching line. Department of Computer Science and Engineering

14.

Nabeel Tahir M (2007) C-RBAC: Contextual role-based access control model. Ubiquitous Comput Commun J 2(3):67–74

15.

Eom J-h, Park S-H, Chung T-M (2008) A study on architecture of access control system with enforced security control for ubiquitous computing environment. J Korean Inst Inf Secur Cryptol 18(5):71–81

16.

Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models. Computer 29(2):38–47 CrossRef

17.

Zoua D, Heb L, Jina H, Chenc X (2009) CRBAC: imposing multi-grained constraints on the RBAC model in the multi-application environment. J Netw Comput Appl 32(2):402–411 CrossRef

18.

Choi C, Choi J, Ko B, Oh K, Kim P (2012) A design of onto-ACM(Ontology based access control model) in cloud computing environments. J Internet Serv Inf Secur 2(3/4):54–64

19.

Apache Jena Project (2013). http://jena.apache.org/

20.

Kiyomoto S, Fukushima K, Miyake Y (2011) Towards secure cloud computing architecture—a solution based on software protection mechanism. J Internet Serv Inf Secur 1(1):4–17

21.

Pieters W (2011) Representing humans in system security models: an actor-network approach. J Wirel Mobile Netw Ubiquitous Comput Depend Appl 2(1):75–92

22.

Zia TA, Zomaya AY (2011) A lightweight security framework for wireless sensor networks. J Wirel Mobile Netw Ubiquitous Comput Depend Appl 2(3):53–73

23.

Jung JJ (2012) Evolutionary approach for semantic-based query sampling in large-scale information sources. Inf Sci 182(1):30–39 CrossRef

24.

Jung JJ (2012) ContextGrid: a contextual mashup-based collaborative browsing system. Inf Syst Front 14(4):953–961 CrossRef

25.

Jung JJ (2011) Service chain-based business alliance formation in service-oriented architecture. Expert Syst Appl 38(3):2206–2211 CrossRef

Titel: Ontology-based access control model for security policy reasoning in cloud computing
verfasst von: Chang Choi
Junho Choi
Pankoo Kim
Publikationsdatum: 01.03.2014
Verlag: Springer US
Erschienen in: The Journal of Supercomputing / Ausgabe 3/2014
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-013-0980-1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 3/2014

A secure wireless communication system integrating RSA, Diffie–Hellman PKDS, intelligent protection-key chains and a Data Connection Core in a 4G environment

A new clustering algorithm based on data field in complex networks

Effective connectivity analysis of fMRI data based on network motifs

Deniability and forward secrecy of one-round authenticated key exchange

A secure file sharing service for distributed computing environments

Grid-based recording and replay architecture in hybrid remote experiment using distributed streaming network