A dynamic risk-based access control architecture for cloud computing

IEEE/IFIP NOMS 2014 - IEEE/IFIP Network Operations and Management Symposium: Management in a Software Defined World

Volumn , Issue , 2014, Pages

  Dos Santos, Daniel Ricardo ^a   Westphall, Carla Merkle ^a   Westphall, Carlos Becker ^a  

^a FEDERAL UNIVERSITY OF SANTA CATARINA   (Brazil)

Author keywords

[No Author keywords available]

Indexed keywords

CLOUD COMPUTING; WEB SERVICES;

ACCESS CONTROL ARCHITECTURE; ACCESS CONTROL MODELS; CLOUD SERVICE PROVIDERS; DISTRIBUTED COMPUTING MODELS; DYNAMIC ACCESS CONTROL; HETEROGENEOUS ENVIRONMENTS; IDENTITY AND ACCESS MANAGEMENTS; INFORMATION SHARING;

ACCESS CONTROL;

EID: 84904176597     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/NOMS.2014.6838319     Document Type: Conference Paper

References (39)

1. P. Mell and T. Grance. (2011) The nist definition of cloud computing. [Online]. Available: http://csrc.nist.gov/publications/nistpubs/800-145/SP800- 145.pdf
2. K. Ren, C. Wang, and Q. Wang, "Security challenges for the public cloud," Internet Computing, IEEE, vol. 16, no. 1, pp. 69-73, jan.-feb. 2012.
3. B. Grobauer, T. Walloschek, and E. Stocker, "Understanding cloud computing vulnerabilities," Security & Privacy, IEEE, vol. 9, no. 2, pp. 50-57, march-april 2011.
4. E. Bertino and K. Takahashi, Identity Management: Concepts, Technologies, and Systems. Artech House, 2011.
5. D. Zissis and D. Lekkas, "Addressing cloud computing security issues," Future Generation Computer Systems, vol. 28, no. 3, pp. 583-592, 2012.
6. JASON Program Office, "Horizontal integration: Broader access models for realizing information dominance," MITRE Corporation, Tech. Rep., 12 2004.
7. P. Harsh, Y. Jegou, R. G. Cascella, and C. Morin, "Contrail virtual execution platform challenges in being part of a cloud federation," in Proceedings of the 4th European conference on Towards a service-based internet. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 50-61.
8. T. Kurze, M. Klems, D. Bermbach, A. Lenk, S. Tai, and M. Kunze, "Cloud federation," in The Second International Conference on Cloud Computing, GRIDs, and Virtualization, september 2011, pp. 32-38.
9. M. Al Zain, E. Pardede, B. Soh, and J. Thom, "Cloud computing security: From single to multi-clouds," in 45th Hawaii International Conference on System Science, jan. 2012, pp. 5490-5499.
10. M. Vukolić, "The byzantine empire in the intercloud," SIGACT News, vol. 41, no. 3, pp. 105-111, Sep. 2010.
11. D. Bernstein, E. Ludvigson, K. Sankar, S. Diamond, and M. Morrow, "Blueprint for the intercloud - protocols and formats for cloud computing interoperability," in 4th International Conference on Internet and Web Applications and Services, may 2009, pp. 328-336.
12. R. Buyya, R. Ranjan, and R. Calheiros, "Intercloud: Utility-oriented federation of cloud computing environments for scaling of application services," in Algorithms and Architectures for Parallel Processing, ser. Lecture Notes in Computer Science. Springer Berlin/Heidelberg, 2010, vol. 6081, pp. 13-31.
13. N. Grozev and R. Buyya, "Inter-cloud architectures and application brokering: taxonomy and survey," Software: Practice and Experience, 2012.
14. M. Benantar, Access Control Systems: Security, Identity Management and Trust Models. Springer, 2006.
15. ITU-T, "Baseline capabilities for enhanced global identity management and interoperability," 2009. [Online]. Available: http://www.itu.int/rec/http://www.itu.int/rec/TREC-X.1250-200909-I
16. D. W. Chadwick, "Federated identity management," in Foundations of Security Analysis and Design V, ser. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2009, vol. 5705, pp. 96-120.
17. P. Arias Cabarcos, F. Almenárez Mendoza, A. Marín- López, and D. Díaz-Sánchez, "Enabling saml for dynamic identity federation management," in Wireless and Mobile Networking, ser. IFIP Advances in Information and Communication Technology. Springer Berlin Heidelberg, 2009, vol. 308, pp. 173-184.
18. K. Lampropoulos and S. Denazis, "Identity management directions in future internet," Communications Magazine, IEEE, vol. 49, no. 12, pp. 74-83, december 2012.
19. P. Samarati and S. de Vimercati, "Access control: Policies, models, and mechanisms," in Foundations of Security Analysis and Design, ser. Lecture Notes in Computer Science, 2001, vol. 2171, pp. 137-196.
20. G. Zhang and M. Parashar, "Dynamic context-aware access control for grid applications," in Fourth International Workshop on Grid Computing, nov. 2003, pp. 101-108.
21. D. Fall, G. Blanc, T. Okuda, Y. Kadobayashi, and S. Yamaguchi, "Toward Quantified Risk-Adaptive Access Control for Multi-tenant Cloud Computing," in Proceedings of the 6th Joint Workshop on Information Security, October 2011.
22. A. D. Brucker and H. Petritsch, "Extending access control models with break-glass," in Proceedings of the 14th ACM symposium on Access control models and technologies. New York, NY, USA: ACM, 2009, pp. 197-206.
23. N. N. Diep, S. Lee, Y.-K. Lee, and H. Lee, "Contextual risk-based access control," in Security and Management, 2007, pp. 406-412.
24. G. Peterson, "Introduction to identity management risk metrics," Security & Privacy, IEEE, vol. 4, no. 4, pp. 88-91, 2006.
25. B. Farroha and D. Farroha, "Challenges of operationalizing dynamic system access control: Transitioning from abac to radac," in IEEE International Systems Conference, march 2012, pp. 1-7.
26. P. C. Cheng, P. Rohatgi, C. Keser, P. Karger, G. Wagner, and A. Reninger, "Fuzzy multi-level security: An experiment on quantified risk-adaptive access control," in IEEE Symposium on Security and Privacy, 2007, pp. 222-230.
27. Q. Ni, E. Bertino, and J. Lobo, "Risk-based access control systems built on fuzzy inferences," in Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. New York, NY, USA: ACM, 2010, pp. 250-260.
28. I. Molloy, L. Dickens, C. Morisset, P.-C. Cheng, J. Lobo, and A. Russo, "Risk-based security decisions under uncertainty," in Proceedings of the second ACM conference on Data and Application Security and Privacy. New York, NY, USA: ACM, 2012, pp. 157-168.
29. J. Vollbrecht, P. Calhoun, S. Farrell, L. Gommans, G. Gross, B. de Bruijn, C. de Laat, M. Holdrege, and D. Spence, "AAA Authorization Framework," RFC 2904 (Informational), Internet Engineering Task Force, Aug. 2000. [Online]. Available: http://www.ietf.org/rfc/rfc2904.txt
30. OASIS. (2003) A brief introduction to xacml. [Online]. Available: https://www.oasisopen.org/committees/download.php/2713/Brief Introduction to XACML.html
31. D. N. Sriram, "Federated identitiy management in intercloud," Master's thesis, Der Technishcen Universitat Munchen, january 2013.
32. D. R. dos Santos, C. M. Westphall, and C. B. Westphall, "Risk-based dynamic access control for a highly scalable cloud federation," in 7th International Conference on Emerging Security Information Systems and Technologies, 2013, pp. 8-13.
33. D. Britton and I. Brown, A security risk measurement for the RAdAC model, 2007.
34. M. Sharma, Y. Bai, S. Chung, and L. Dai, "Using risk in access control for cloud-assisted ehealth," in IEEE 14th International Conference on High Performance Computing and Communication, 2012, 2012, pp. 1047-1052.
35. V. Hu, D. Ferraiolo, and D. R. Kuhn, "Assessment of Access Control Systems, Interagency Report 7316," National Institute of Standards and Technology, Tech. Rep., 2006.
36. P. Arias-Cabarcos, F. Almenárez-Mendoza, A. Marín- López, D. Díaz-Sánchez, and R. Sánchez-Guerrero, "A metric-based approach to assess risk for "on cloud" federated identity management," Journal of Network and Systems Management, vol. 20, pp. 513-533, 2012.
37. A. Celesti, F. Tusa, M. Villari, and A. Puliafito, "Security and cloud computing: Intercloud identity management infrastructure," in 19th IEEE International Workshop on Enabling Technologies: Infrastructures for Collaborative Enterprises, june 2010, pp. 263-265.
38. D. Bernstein and D. Vij, "Intercloud directory and exchange protocol detail using xmpp and rdf," in 6th World Congress on Services, july 2010, pp. 431-438.
39. M. Coppola, P. Dazzi, A. Lazouski, F. Martinelli, P. Mori, J. Jensen, I. Johnson, and P. Kershaw, "The contrail approach to cloud federations," in Proceedings of the International Symposium on Grids and Clouds, 2012.