A framework and risk assessment approaches for risk-based access control in the cloud

Cited by: 32
Authors
dos Santos, Daniel Ricardo [1]
Marinho, Roberto [1]
Schmitt, Gustavo Roecker [1]
Westphall, Carla Merkle [1]
Westphall, Carlos Becker [1]
Affiliations
[1] Univ Fed Santa Catarina, Dept Informat & Stat, Networks & Management Lab, BR-88040970 Florianopolis, SC, Brazil
Keywords
Access control; Cloud computing; Risk;
DOI
10.1016/j.jnca.2016.08.013
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
Cloud computing is advantageous for customers and service providers. However, it has specific security requirements that are not captured by traditional access control models, e.g., secure information sharing in dynamic and collaborative environments. Risk-based access control models try to overcome these limitations, but while there are well-known enforcement mechanisms for traditional access control, this is not the case for risk-based policies. In this paper, we motivate the use of risk-based access control in the cloud and present a framework for enforcing risk-based policies that is based on an extension of XACML. We also instantiate this framework using a new ontology-based risk assessment approach, as well as other models from related work, and present experimental results of the implementation of our work. (C) 2016 Elsevier Ltd. All rights reserved.
Pages: 86-97
Number of pages: 12