Concurrency and Computation: Practice and Experience

Volume 29, Issue 19 e4199

SPECIAL ISSUE PAPER

Attribute-based access control management for multicloud collaboration

John C. John,

John C. John

Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India

Search for more papers by this author

Shamik Sural,

Corresponding Author

Shamik Sural

[email protected]

orcid.org/0000-0002-4315-7329

Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India

Correspondence

Shamik Sural, Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur-721302, West Bengal, India.

Email: [email protected]

Search for more papers by this author

Arobinda Gupta,

Arobinda Gupta

Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India

Search for more papers by this author

John C. John,

John C. John

Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India

Search for more papers by this author

Shamik Sural,

Corresponding Author

Shamik Sural

[email protected]

orcid.org/0000-0002-4315-7329

Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India

Correspondence

Shamik Sural, Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur-721302, West Bengal, India.

Email: [email protected]

Search for more papers by this author

Arobinda Gupta,

Arobinda Gupta

Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India

Search for more papers by this author

First published: 27 June 2017

https://doi.org/10.1002/cpe.4199

Citations: 5

Share a link

Email
Wechat
Bluesky

Summary

Security of applications has been identified as one of the major concerns in today's multicloud collaborative environment. These applications are often bounded by the constraints of the disparate cloud domains they are deployed in. A fine-grained access control mechanism such as attribute-based access control (ABAC) is considered to be an appropriate choice for authorization management in this context. However, identifying a suitable set of ABAC rules, often called rule mining, is a critical step in building ABAC-based systems. We propose 2 approaches for intercloud rule formation in ABAC. In the first approach, we consider cross domain rule mining as the problem of forming a minimal set of positive authorizations only. The second approach shows the advantage of developing deny rules along with positive authorizations in reducing the total number of rules, and hence, the response time for evaluating access requests. The problem is proved to be NP-hard. Heuristic solutions are proposed and evaluated on benchmark datasets showing encouraging results.

REFERENCES

1Singhal M, Chandrasekhar S, Ge T, et al. Collaboration in multicloud computing environments: framework and security issues. IEEE Comput. 2013; 46(2): 76-84.
10.1109/MC.2013.46
Web of Science® Google Scholar
2Almutairi A, Sarfraz M, Basalamah S, Aref WG, Ghafoor A. A distributed access control architecture for cloud computing. IEEE Software. 2012; 29(2): 36-44.
10.1109/MS.2011.153
Web of Science® Google Scholar
3Harrison MA, Ruzzo WL, Ullman JD. Protection in operating systems. Commu ACM. 1976; 19(8): 461-471.
10.1145/360303.360333
Web of Science® Google Scholar
4Sandhu RS. Lattice-based access control models. IEEE Compu. November 1993; 26(11): 9-19.
10.1109/2.241422
Web of Science® Google Scholar
5Sandhu RS, Coyne EJ, Feinstein HL, Youman CE. Role-based access control models. IEEE Comput. 1996; 29(2): 38-47.
10.1109/2.485845
Web of Science® Google Scholar
6Joshi JBD, Bertino E, Latif U, Ghafoor A. A generalized temporal role-based access control model. IEEE Trans Knowledge Data Eng. 2005; 17(1): 4-23.
10.1109/TKDE.2005.1
Web of Science® Google Scholar
7Aich S, Mondal S, Sural S, Majumdar AK. Role-based access control with spatiotemporal context for mobile applications. Trans Comput Sci: Special Issue Secur Comput. 2009; IV: 177-199.
Google Scholar
8Hu VC, Ferraiolo DF, Kuhn DR, et al. Guide to attribute based access control (ABAC) definition and considerations. NIST Special Publication 800-162. 2014.
Google Scholar
9Hu VC, Kuhn DR, Ferraiolo DF. Attribute-based access control. Computer. 2015; 48(2): 85-88.
10.1109/MC.2015.33
Web of Science® Google Scholar
10Jin X, Krishnan R, Sandhu RS. A unified attribute-based access control model covering DAC, MAC and RBAC. Proceedings of the 26th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec'12. Berlin, Heidelberg: Springer-Verlag; 2012: 41-55.
10.1007/978-3-642-31540-4_4
Google Scholar
11Bertino E, Crampton J. Security for distributed systems: Foundations of access control. In: Y Qian, D Tipper, P Krishnamurthy, J Joshi, eds. Information Assurance: Survivability and Security in Networked Systems. Morgan Kaufman; 2007: 39-80.
Google Scholar
12 NIST ABAC Workshop. 2013July. http://csrc.nist.gov/projects/abac/july2013workshop/presentations.html
Google Scholar
13Gong L, Qian X. Computational issues in secure interoperation. IEEE Trans Software Eng. 1996; 22(1): 43-52.
10.1109/32.481533
Web of Science® Google Scholar
14Shehab M, Elisa B, Arif G. Secure collaboration in mediator-free environments. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, CCS '05, Alexandria, VA, USA; 2005: 58-67.
Google Scholar
15Shafiq B, Joshi JBD, Bertino E, Ghafoor A. Secure interoperation in a multidomain environment employing RBAC policies. IEEE Trans Knowledge Data Eng. 2005; 17(11): 1557-1577.
10.1109/TKDE.2005.185
Web of Science® Google Scholar
16Bonatti P, Vimercati S, Samarati P. An algebra for composing access control policies. ACM Trans Inform Syst Secur. 2002; 5(1): 1-35.
10.1145/504909.504910
Google Scholar
17Bertino E, Buccafurri F, Ferrari E, Rullo P. A logical framework for reasoning on data access control policies. In: Proceedings of the 12th IEEE Computer Security Foundations Workshop, Mordano, Italy; 1999: 175-189.
Google Scholar
18Lupu EC, Sloman M. Conflicts in policy-based distributed systems management. IEEE Trans Software Eng. 1999; 25(6): 852-869.
10.1109/32.824414
Web of Science® Google Scholar
19Dawson S, Qian S, Samarati P. Providing security and interoperation of heterogeneoussystems. Distrib Parallel Databases. 2000; 8(1): 119-145.
10.1023/A:1008787317852
Web of Science® Google Scholar
20Joshi JBD, Bertino E, Ghafoor A. Temporal hierarchies and inheritance semantics for GTRBAC. In: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies, SACMAT, Monterey, CA, USA; 2002: 74-83.
Google Scholar
21Toosi AN, Calheiros RN, Buyya R. Interconnected cloud computing environments: challenges, taxonomy, and survey. ACM Comput Surveys. 2014; 47(1): 7:1-7:47.
10.1145/2593512
Web of Science® Google Scholar
22Bo T, Qi L, Sandhu R. A multi-tenant RBAC model for collaborative cloud services. In: Eleventh Annual International Conference on Privacy, Security and Trust (PST), Tarragona, Italy; 2013: 229-238.
Google Scholar
23Heng H, Ruixuan L, Xinhua D, Zhao Z. Secure, efficient and fine-grained data access control mechanism for P2P storage cloud. IEEE Trans Cloud Comput. 2014Oct; 2(4): 471-484.
10.1109/TCC.2014.2378788
Google Scholar
24Ferraiolo DF, Chandramouli R, Kuhn R, Hu VC. Extensible access control markup language (XACML) and next generation access control (NGAC). In: Proceedings of the ACM International Workshop on Attribute Based Access Control. ACM, New Orleans, LA, USA; 2016.
Google Scholar
25Biswas P, Sandhu RS, Krishnan R. Label-based access control: An ABAC model with enumerated authorization policy. In: Proceedings of the ACM International Workshop on Attribute Based Access Control. ACM, New Orleans, LA, USA; 2016.
Google Scholar
26Xu Z, Stoller SD. Mining attribute-based access control policies. IEEE Trans Dependable Secure Comput. 2015; 12(5): 533-545.
10.1109/TDSC.2014.2369048
Web of Science® Google Scholar
27John CJ, Sural S, Gupta A. Authorization management in multicloud collaboration using attribute-based access control. In: Proceedings of the International Conference on Cloud Computing and Big Data, (CloudCom-Asia), Hong Kong; 2016: 190-195.
Google Scholar
28Papadimitriou CH, Steiglitz K. Combinatorial Optimization : Algorithms and Complexity. Mineola (N.Y.): Dover Publications; 1998.
Google Scholar
29Cormen TH, Stein C, Rivest RL, Leiserson CE. Introduction to Algorithms. 2nd ed. Boston Burr Ridge, IL, USA: McGraw-Hill Higher Education; 2001.
CAS PubMed Google Scholar
30Achterberg T. What do the numbers mean?—issues in benchmarking. In: Proceedings of the 22nd European Conference on Operational Research (book of abstracts p. 126), Bonn, Germany; 2007.
Google Scholar
31Li N, Bizri Z, Tripunitara MV. On mutually-exclusive roles and separation of duty. In: Proceedings of the 11th ACM Conference on Computer and Communications Security. ACM, Washington, DC, USA; 2004: 42-51.
Google Scholar

Citing Literature

Volume29, Issue19

Combined Special issues on High performance and security in cloud computing (CloudCom‐Asia2016) and New trends and innovative methods in cloud computing and big data (CBD‐BDCloud2016)

10 October 2017

e4199

Attribute-based access control management for multicloud collaboration

Summary

REFERENCES

Citing Literature

References

Information

About Wiley Online Library

Help & Support

Opportunities

Connect with Wiley

Attribute-based access control management for multicloud collaboration

Summary

REFERENCES

Citing Literature

References

Related

Information