Security policy verification for multi-domains in cloud systems

International Journal of Information Security

Volumn 13, Issue 2, 2014, Pages 97-111

  Gouglidis, Antonios ^a   Mavridis, Ioannis ^a   Hu, Vincent C ^b  

^a UNIVERSITY OF MACEDONIA   (Greece)

^b NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY   (United States)

Author keywords

Cloud computing; Collaboration; Multi domain; RBAC; Secure inter operation; Verification

Indexed keywords

CLOUD COMPUTING; ELASTICITY; MODEL CHECKING; VERIFICATION;

COLLABORATION; COLLABORATIVE ENVIRONMENTS; EFFICIENT MANAGEMENTS; MODEL-CHECKING TECHNIQUES; MULTI DOMAINS; NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY; RBAC; SECURE INTER-OPERATION;

SECURITY SYSTEMS;

EID: 84897101278     PISSN: 16155262     EISSN: 16155270     Source Type: Journal    
DOI: 10.1007/s10207-013-0205-x     Document Type: Article

References (54)

1. Alcaraz Calero, J., Edwards, N., Kirschnick, J., Wilcock, L., Wray, M.: Toward a multi-tenancy authorization system for cloud services. IEEE Secur. Priv. 8(6), 48-55 (2010).
2. Alloy. A language and tool for relational models, http://alloy. mit. edu/alloy/.
3. ANSI. ANSI INCITS 359-2004, role based access control, (2004).
4. Armando, A., Ranise, S.: Automated symbolic analysis of arbac-policies (extended version). arXiv, preprint arXiv: 1012. 5590, (2010).
5. Bacon, J., Evans, D., Eyers, D. M., Migliavacca, M., Pietzuch, P., Shand, B.: Enforcing end-to-end application security in the cloud (big ideas paper). In: Proceedings of the ACM/IFIP/USENIX 11th International Conference on Middleware, pp. 293-312. Springer, Berlin (2010).
6. Baier, C., Katoen, J.-P.: Principles of Model Checking. The MIT Press, Cambridge (2008).
7. Boost. Boost c++ libraries, http://www. boost. org/, 2011.
8. Bryans, J. W., Fitzgerald, J. S.: Formal Engineering of XACML Access Control Policies in VDM++. Springer, Berlin (2007).
9. Capitani di Vimercati, S., Foresti, S., Samarati, P.: Authorization and access control. In: Petkovic, M., Jonker, W. (eds.) Security, Privacy, and Trust in Modern Data Management, Data-Centric Systems and Applications, pp. 39-53. Springer, Berlin (2007).
10. CITRIX. Available role based access control permissions for xenserver, http://support. citrix. com/article/ctx126441, (2013).
11. Crampton, J., Loizou, G.: Administrative scope and role hierarchy operations. In: In Proceedings of Seventh ACM Symposium on Access Control Models and Technologies (SACMAT 2002), pp. 145-154, (2002).
12. Ferraiolo, D. F., Kuhn, D. R., Chandramouli, R.: Role-Based Access Control. Artech House, Inc., (2003).
13. Fisler, K., Krishnamurthi, S., Meyerovich, L. A., Tschantz, M. C.: Verification and change-impact analysis of access-control policies. In: Proceedings of the 27th International Conference on Software Engineering, ICSE '05, pp. 196-205. ACM, New York (2005).
14. Foster, I., Yong, Z., Raicu, I., Lu, S.: Cloud computing and grid computing 360-degree compared. In: Grid Computing Environments Workshop, 2008. GCE '08, pp. 1-10, (2008).
15. Gong, L., Qian, X.: Computational issues in secure interoperation, (1996).
16. Gouglidis, A., Mavridis, I.: domRBAC: An access control model for modern collaborative systems. Comput. Secur. 31(4), 540-556 (2012).
17. Hansen, F., Oleshchuk, V.: Conformance checking of RBAC policy and its implementation. In: Deng, R., Bao, F., Pang, H., Zhou, J. (eds.) Information Security Practice and Experience, volume 3439 of Lecture Notes in Computer Science, pp. 144-155. Springer, Berlin (2005).
18. Hu, H., Ahn, G.: Enabling verification and conformance testing for access control model. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, SACMAT '08, pp. 195-204. ACM, New York (2008).
19. Hu, V. C., Kuhn, D. R., Xie, T.: Property verification for generic access control models. In: Proceedings of the 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, vol. 02, EUC '08, pp. 243-250. IEEE Computer Society, Washington, DC (2008).
20. Hu, V. C., Kuhn, D. R., Xie, T., Hwang, J.: Model checking for verification of mandatory access control models and properties. Int. J. Softw. Eng. Knowl. Eng. 21(1), 103-127 (2011).
21. Hughes, G., Bultan, T.: Automated verification of access control policies using a SAT solver. Int. J. Softw. Tools Technol. Transf. 10(6), 503-520 (2008).
22. Hwang, J., Xie, T., Hu, V., Altunay, M.: ACPT: a tool for modeling and verifying access control policies. In: Proceedings of the 2010 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY '10, pp. 40-43. IEEE Computer Society, Washington, DC (2010).
23. Jayaraman, K., Ganesh, V., Tripunitara, M., Rinard, M., Chapin, S.: Automatic error finding in access-control policies. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, pp. 163-174. ACM, New York (2011).
24. JeeHyun, H., Mine, A., Tao, X., Vincent, H. Model Checking Grid Policies. https://sites. google. com/site/gridpolicyproject/home.
25. Jha, S., Li, N., Tripunitara, M., Wang, Q., Winsborough, W.: Towards formal verification of role-based access control policies. IEEE Trans. Dependable Secur. Comput. 5, 242-255 (2008).
26. Krapivsky, P., Redner, S.: Network growth by copying. Phys. Rev. E 71(3), 036118 (2005).
27. Kuhn, D. R., Kacker, D. R.: Automated combinatorial test methods-beyond pairwise testing (2010).
28. Lamport, L.: Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers, 1st edn. Addison-Wesley Professional, Reading (2002).
29. Li, W., Wan, H., Ren, X., Li. S.: A refined rbac model for cloud computing. In: Computer and Information Science (ICIS), 2012 IEEE/ACIS 11th International Conference on, pp. 43-48, (2012).
30. Li, N., Byun, J.-W., Bertino, E.: A critique of the ANSI standard on role-based access control. IEEE Secur. Priv. 5(6), 41-49 (2007).
31. Mather, T., Kumaraswamy, S., Latif, S.: Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. Oreilly & Associates Inc, (2009).
32. Microsoft. Windows azure security guidance, http://www. windowsazure. com/en-us/develop/net/best-practices/security/, (2013).
33. Migliavacca, M., Papagiannis, I., Eyers, D. M., Shand, B., Bacon, J., Pietzuch, P.: Distributed middleware enforcement of event flow security policy. In: Middleware 2010, pp. 334-354. Springer, Berlin (2010).
34. NASA. Nebula's implementation of role based access control (RBAC), http://nebula. nasa. gov/blog/2010/06/03/nebulas-implementation-role-based-access-control-rbac/, (2010).
35. NetworkX. Networkx, http://networkx. lanl. gov/, (2012).
36. NIST. Combinatorial and Pairwise Testing, http://csrc. nist. gov/groups/sns/acts/, (2012).
37. NIST. Role based access control (RBAC) and role based security, http://csrc. nist. gov/groups/sns/rbac/index. html.
38. NuSMV. A New Symbolic Model Checker, http://nusmv. fbk. eu/.
39. Nuutila, E.: Efficient transitive closure computation in large digraphs. PhD thesis, Acta Polytechnica Scandinavica. Helsinki University of Technology, (1995).
40. Oh, S., Sandhu, R.: A model for role administration using organization structure, (2002).
41. OpenStack. Managing compute users, http://docs. openstack. org/diablo/openstack-compute/admin/content/managing-compute-users. html, (2013).
42. OpenStack. Users and projects, http://docs. openstack. org/diablo/openstack-compute/admin/content/users-and-projects. html (2013).
43. Peter, M., Timothy, G.: The NIST definition of cloud computing, September (2011).
44. Power, D., Slaymaker, M., Simpson, A.: Conformance checking of dynamic access control policies. In: Formal Methods and Software Engineering, pp. 227-242. Springer, Berlin (2011).
45. Purdom, P.: A transitive closure algorithm. BIT Numer. Math. 10, 76-94 (1970). doi: 10. 1007/BF01940892.
46. Sandhu, R. S., Samarati, P.: Access control: principles and practice. IEEE Commun. Mag. 32, 40-48 (1994).
47. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., Youman, C. E.: Role-based access control models. IEEE Comput. 29(2), 38-47 (1996).
48. Sandhu, R., Bhamidipati, V., Munawer, Q.: The arbac97 model for role-based administration of roles. ACM Trans. Inf. Syst. Secur. 2(1), 105-135 (1999).
49. SAnToS Laboratory. Spec patterns, response property pattern, http://patterns. projects. cis. ksu. edu/, (2012).
50. Schaad, A., Moffett, J., Jacob, J.: The role-based access control system of a european bank: a case study and discussion. In: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, pp. 3-9. ACM (2001).
51. Shafiq, B., Joshi, J. B. D., Bertino, E., Ghafoor, A.: Secure interoperation in a multidomain environment employing RBAC policies. IEEE Trans. Knowl. Data Eng. 17(11), 1557 (2005).
52. SPIN. The SPIN model checker, http://spinroot. com/spin/.
53. Takabi, H., Joshi, J. B., Ahn, G.-J.: Security and privacy challenges in cloud computing environments. IEEE Secur. & Priv. 8(6), 24-31 (2010).
54. Tang, Z., Wei, J., Sallam, A., Li, K., Li, R.: A new rbac based access control model for cloud computing. In: Li, R., Cao, J., Bourgeois, J. (eds.) Advances in Grid and Pervasive Computing, volume 7296 of Lecture Notes in Computer Science, pp. 279-288. Springer, Berlin (2012).