
2014 | OriginalPaper | Book chapter

Trust-Based Access Control for Secure Cloud Computing

Written by: Indrajit Ray, Indrakshi Ray

Published in: High Performance Cloud Auditing and Applications

Publisher: Springer New York


Abstract

Multi-tenancy, elasticity and dynamicity pose several novel challenges for access control in a cloud environment. Accessing subjects may dynamically change, resources requiring protection may be created or modified, and subject access requirements to resources may change during the course of the application execution. Users may need to acquire different permissions from different administrative domains based on the services in the cloud computing environment. Traditional identity-based access control models such as attribute-based access control (ABAC), role-based access control (RBAC), discretionary access control (DAC), or mandatory access control (MAC) cannot be applied directly in clouds. In this chapter, we explore the challenges of cloud access control, identify desirable properties of access control models, and introduce novel graph-theoretic semantics for an access control model. We specify how authorization occurs in the proposed model, and present how to incorporate features such as separation of duty (SoD).


Metadata
Title
Trust-Based Access Control for Secure Cloud Computing
Written by
Indrajit Ray
Indrakshi Ray
Copyright year
2014
Publisher
Springer New York
DOI
https://doi.org/10.1007/978-1-4614-3296-8_8
