- Title: A Dynamic Risk-based Access Control Architecture for Cloud Computing
- Authors: Daniel Ricardo dos Santos, Carla Merkle Westphall, Carlos Becker Westphall
- Abstract: Cloud computing is a distributed computing model that still faces problems. New ideas emerge to take advantage of its features and among the research challenges found in the cloud, we can highlight Identity and Access Management. The main problems of the application of access control in the cloud are the necessary flexibility and scalability to support a large number of users and resources in a dynamic and heterogeneous environment, with collaboration and information sharing needs. This paper proposes the use of risk-based dynamic access control for cloud computing. The proposal is presented as an access control model based on an extension of the XACML standard with three new components: the Risk Engine, the Risk Quantification Web Services and the Risk Policies. The risk policies present a method to describe risk metrics and their quantification, using local or remote functions. The risk policies allow users and cloud service providers to define how to handle risk-based access control for their resources, using different quantification and aggregation methods. The model reaches the access decision based on a combination of XACML decisions and risk analysis. A prototype of the model is implemented, showing it has enough expressivity to describe the models of related work. In the experimental results, the prototype takes between 2 and 6 milliseconds to reach access decisions using a risk policy. A discussion on the security aspects of the model is also presented.
- DOI: 10.1109/NOMS.2014.6838319
The 14th IEEE/IFIP Network Operations and Management Symposium (NOMS 2014) will be held 5-9 May 2014 at Radisson Park Inn, Krakow, Poland. Held in even-numbered years since 1988, NOMS 2014 will follow the 26-year tradition of NOMS and IM as the primary IEEE Communications Society’s forum for technical exchange on management of information and communication technology, focusing on research, development, integration, standards, service provisioning, and user communities. NOMS 2014 will focus on the theme “Management in a Software-Defined World,” presenting recent, emerging approaches and technical solutions for dealing with future network and ICT infrastructures, as well as with novel services provided on top of these infrastructures in virtual environments (e.g., Cloud Computing and SDN).
About the conference
- Name: 14th IEEE/IFIP Network Operations and Management Symposium (NOMS 2014)
- Date: from May 05, 2014 to May 09, 2014
- Location: Krakow, Poland
- Website: https://noms2014.ieee-noms.org/