Towards a fine-grained access control for cloud

Mounira Msahli; Xiuzhen Chen; Ahmed Serhrouchni

doi:10.1109/ICEBE.2014.56

Towards a fine-grained access control for cloud

Mounira Msahli
, Xiuzhen Chen
, Ahmed Serhrouchni

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The centerpiece of an efficient Cloud security architecture is a well-defined access control policy. In literature we can find several access control models such as the Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC) and the latest one Usage Control Authorization, oBligation and Condition (UCONABC). The UCONABC is very suitable for the context of distributed systems like cloud computing but it doesn't give any implementation method. In this paper we define the profile centric model using graph formalism and its implementation using matrix. We define the profile as the combination of all possible authorization, obligation, condition, role, etc... and other access parameters like attributes that we can found in Cloud system. We discuss its application using three matrixes (profile definition, profile inheritance and user assignment). Profile centric modeling is an optimum paradigm to define access control policy in complex distributed and elastic system like cloud computing. The proposed solution is validated and implemented over Hadoop distributed file system in the context of Safe Box as a service.

Original language	English
Title of host publication	Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014
Editors	Yinsheng Li, Xiang Fei, Kuo-Ming Chao, Jen-Yao Chung
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	286-291
Number of pages	6
ISBN (Electronic)	9781479965632
DOIs	https://doi.org/10.1109/ICEBE.2014.56
Publication status	Published - 10 Dec 2014
Event	11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Guangzhou, China Duration: 5 Nov 2014 → 7 Nov 2014

Publication series

Name	Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014

Conference

Conference	11th IEEE International Conference on E-Business Engineering, ICEBE 2014
Country/Territory	China
City	Guangzhou
Period	5/11/14 → 7/11/14

Keywords

Cloud
Profile centric model
Safe Box
access control
graph
security

Access to Document

10.1109/ICEBE.2014.56

Cite this

Msahli, M., Chen, X., & Serhrouchni, A. (2014). Towards a fine-grained access control for cloud. In Y. Li, X. Fei, K.-M. Chao, & J.-Y. Chung (Eds.), Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014 (pp. 286-291). Article 6982094 (Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICEBE.2014.56

Msahli, Mounira ; Chen, Xiuzhen ; Serhrouchni, Ahmed. / Towards a fine-grained access control for cloud. Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014. editor / Yinsheng Li ; Xiang Fei ; Kuo-Ming Chao ; Jen-Yao Chung. Institute of Electrical and Electronics Engineers Inc., 2014. pp. 286-291 (Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014).

@inproceedings{02c3fc416c8b409e980207686aa52142,

title = "Towards a fine-grained access control for cloud",

abstract = "The centerpiece of an efficient Cloud security architecture is a well-defined access control policy. In literature we can find several access control models such as the Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC) and the latest one Usage Control Authorization, oBligation and Condition (UCONABC). The UCONABC is very suitable for the context of distributed systems like cloud computing but it doesn't give any implementation method. In this paper we define the profile centric model using graph formalism and its implementation using matrix. We define the profile as the combination of all possible authorization, obligation, condition, role, etc... and other access parameters like attributes that we can found in Cloud system. We discuss its application using three matrixes (profile definition, profile inheritance and user assignment). Profile centric modeling is an optimum paradigm to define access control policy in complex distributed and elastic system like cloud computing. The proposed solution is validated and implemented over Hadoop distributed file system in the context of Safe Box as a service.",

keywords = "Cloud, Profile centric model, Safe Box, access control, graph, security",

author = "Mounira Msahli and Xiuzhen Chen and Ahmed Serhrouchni",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 ; Conference date: 05-11-2014 Through 07-11-2014",

year = "2014",

month = dec,

day = "10",

doi = "10.1109/ICEBE.2014.56",

language = "English",

series = "Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "286--291",

editor = "Yinsheng Li and Xiang Fei and Kuo-Ming Chao and Jen-Yao Chung",

booktitle = "Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014",

}

Msahli, M, Chen, X & Serhrouchni, A 2014, Towards a fine-grained access control for cloud. in Y Li, X Fei, K-M Chao & J-Y Chung (eds), Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014., 6982094, Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014, Institute of Electrical and Electronics Engineers Inc., pp. 286-291, 11th IEEE International Conference on E-Business Engineering, ICEBE 2014, Guangzhou, China, 5/11/14. https://doi.org/10.1109/ICEBE.2014.56

Towards a fine-grained access control for cloud. / Msahli, Mounira; Chen, Xiuzhen; Serhrouchni, Ahmed.
Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014. ed. / Yinsheng Li; Xiang Fei; Kuo-Ming Chao; Jen-Yao Chung. Institute of Electrical and Electronics Engineers Inc., 2014. p. 286-291 6982094 (Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Towards a fine-grained access control for cloud

AU - Msahli, Mounira

AU - Chen, Xiuzhen

AU - Serhrouchni, Ahmed

PY - 2014/12/10

Y1 - 2014/12/10

N2 - The centerpiece of an efficient Cloud security architecture is a well-defined access control policy. In literature we can find several access control models such as the Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC) and the latest one Usage Control Authorization, oBligation and Condition (UCONABC). The UCONABC is very suitable for the context of distributed systems like cloud computing but it doesn't give any implementation method. In this paper we define the profile centric model using graph formalism and its implementation using matrix. We define the profile as the combination of all possible authorization, obligation, condition, role, etc... and other access parameters like attributes that we can found in Cloud system. We discuss its application using three matrixes (profile definition, profile inheritance and user assignment). Profile centric modeling is an optimum paradigm to define access control policy in complex distributed and elastic system like cloud computing. The proposed solution is validated and implemented over Hadoop distributed file system in the context of Safe Box as a service.

AB - The centerpiece of an efficient Cloud security architecture is a well-defined access control policy. In literature we can find several access control models such as the Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC) and the latest one Usage Control Authorization, oBligation and Condition (UCONABC). The UCONABC is very suitable for the context of distributed systems like cloud computing but it doesn't give any implementation method. In this paper we define the profile centric model using graph formalism and its implementation using matrix. We define the profile as the combination of all possible authorization, obligation, condition, role, etc... and other access parameters like attributes that we can found in Cloud system. We discuss its application using three matrixes (profile definition, profile inheritance and user assignment). Profile centric modeling is an optimum paradigm to define access control policy in complex distributed and elastic system like cloud computing. The proposed solution is validated and implemented over Hadoop distributed file system in the context of Safe Box as a service.

KW - Cloud

KW - Profile centric model

KW - Safe Box

KW - access control

KW - graph

KW - security

U2 - 10.1109/ICEBE.2014.56

DO - 10.1109/ICEBE.2014.56

M3 - Conference contribution

AN - SCOPUS:84920742672

T3 - Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014

SP - 286

EP - 291

BT - Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014

A2 - Li, Yinsheng

A2 - Fei, Xiang

A2 - Chao, Kuo-Ming

A2 - Chung, Jen-Yao

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014

Y2 - 5 November 2014 through 7 November 2014

ER -

Msahli M, Chen X, Serhrouchni A. Towards a fine-grained access control for cloud. In Li Y, Fei X, Chao KM, Chung JY, editors, Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014. Institute of Electrical and Electronics Engineers Inc. 2014. p. 286-291. 6982094. (Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014). doi: 10.1109/ICEBE.2014.56

Towards a fine-grained access control for cloud

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this