Access Control of Cloud Service Based on UCON

Chen, Danwei; Huang, Xiuli; Ren, Xiaozhen

doi:10.1007/978-3-642-10665-1_52

Cited by 39 publications

(20 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, these existing security mechanisms have some lack of security measures (as discussed in section II) in practical implementation. Moreover, the openness nature of internet has many inherent security flaws [14]. A lot of security attacks have been proven on different clouds such as, Google App Engine, Amazon web services, Salesforce (Salesforce.com).…”

Section: Introductionmentioning

confidence: 99%

A Strong User Authentication Framework for Cloud Computing

Choudhury

Kumar

Sain

et al. 2011

2011 IEEE Asia-Pacific Services Computing Conference

112

View full text Add to dashboard Cite

Cloud computing is combination of various computing entities, globally separated, but electronically connected. As the geography of computation is moving towards corporate server rooms, it bring more issues including security, such as virtualization security, distributed computing, application security, identity management, access control and authentication. However, strong user authentication is the paramount requirement for cloud computing that restrict illegal access of cloud server. In this regard, this paper proposes a strong user authentication framework for cloud computing, where user legitimacy is strongly verified before enter into the cloud. The proposed framework provides identity management, mutual authentication, session key establishment between the users and the cloud server. A user can change his/her password, whenever demanded. Furthermore, security analysis realizes the feasibility of the proposed framework for cloud computing and achieves efficiency.

show abstract

Section: Introductionmentioning

confidence: 99%

A Strong User Authentication Framework for Cloud Computing

Choudhury

Kumar

Sain

et al. 2011

2011 IEEE Asia-Pacific Services Computing Conference

112

View full text Add to dashboard Cite

show abstract

“…Mandatory Access Control (MAC), Role-Based Access Control (RBAC) and the Discretionary Access Control are examples of such traditional methods. For instance, Dawani et al (2009) introduced (Nego-UCONABC), an access control framework for cloud services based UCONABC (Usage Control) [8]. In this framework, they extended the traditional access control to include recent access control and digital rights management.…”

Section: Related Work and Backgroundmentioning

confidence: 98%

“…Dawani et al argue that Nego-UCONABC provides superior decision-making ability, and would be a better choice to establish a realistic cloud service access control model [8]. However, it is clear that this solution is based on a webservices perspective and does not cover many of the security issues within this new environment, such as:…”

Section: Related Work and Backgroundmentioning

confidence: 98%

Mutual Protection in a Cloud Computing Environment

Albeshri

Caelli

2010

2010 IEEE 12th International Conference on High Performance Computing and Communications (HPCC)

View full text Add to dashboard Cite

The term "cloud computing" has emerged as a major ICT trend and has been acknowledged by respected industry survey organizations as a key technology and market development theme for the industry and ICT users in 2010. However, one of the major challenges that faces the cloud computing concept and its global acceptance is how to secure and protect the data and processes that are the property of the user. The security of the cloud computing environment is a new research area requiring further development by both the academic and industrial research communities. Today, there are many diverse and uncoordinated efforts underway to address security issues in cloud computing and, especially, the identity management issues. This paper introduces an architecture for a new approach to necessary "mutual protection" in the cloud computing environment, based upon a concept of mutual trust and the specification of definable profiles in vector matrix form. The architecture aims to achieve better, more generic and flexible authentication, authorization and control, based on a concept of mutuality, within that cloud computing environment.

show abstract

“…Iqbal et al [15] proposed semantic-enhanced ABAC for cloud services. Danwei et al [11] proposed access control for cloud service based on UCON. However, these works are neither focused on IaaS access control nor present a formal ABAC model.…”

Section: Existing Abac Modelsmentioning

confidence: 99%

Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS

Jin¹,

Krishnan²,

Sandhu³

2014

Proceedings of the 10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

View full text Add to dashboard Cite

Cloud Infrastructure as a Service (IaaS), where traditional IT infrastructure resources such as compute, storage and networking are owned by a cloud service provider (CSP) and offered as on-demand virtual resources to customers (tenants), is the fastest maturing service model in cloud computing. The transformation of physical resources into virtual offers great flexibility to CSP customers including network based remote collaborative administration. This flexibility can be fully availed only if complemented by commensurately flexible access control to the customers remote IT resources by the customer's IT users. Since customer policies in this regard can vary greatly, the CSP needs a flexible model to accommodate diverse policy requirements. In this paper, we investigate attribute-based access control (ABAC) in cloud IaaS. In ABAC, access requests are evaluated based on the attributes of cloud tenant users and those of objects such as virtual machines, storage volumes, networks, etc. We investigate the access control models supported by commercial IaaS providers such as Amazon AWS and opensource OpenStack, as well as other models in the literature, which mostly use role-based access control (RBAC). We demonstrate their limitations and motivate the need for ABAC support to realize the true potential of IaaS. Building on prior published ABAC models we define a formal ABAC model suitable for IaaS. As proof-of-concept we implement this model in OpenStack, a widely-used open source cloud IaaS software platform. We discuss enforcement alternatives in this context and partially evaluate their performance.Index Terms-attribute based access control, cloud computing, infrastructure as a service 10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2014) 978-1-63190-043-3

show abstract

Access Control of Cloud Service Based on UCON

Cited by 39 publications

References 4 publications

A Strong User Authentication Framework for Cloud Computing

A Strong User Authentication Framework for Cloud Computing

Mutual Protection in a Cloud Computing Environment

Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS

Contact Info

Product

Resources

About