Using Privilege Chain for Access Control and Trustiness of Resources in Cloud Computing

  • Conference paper
Networked Digital Technologies (NDT 2010)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 87)

Abstract

Cloud computing is emerging as a virtual model in support of “everything-as-a-service” (XaaS). There are numerous providers, such as feeders, owners and creators, who are unlikely to be the same actor, and multiple platforms, possibly with different security control mechanisms. Consequently, cloud resources cannot be securely managed by traditional access control models. In this paper, we propose a new security technique that enables multifactor access control and copes with various deployment models in which a user’s network and system sessions may vary. Using the metadata of resources and access policies, the technique builds privilege chains. The contribution of this paper includes a privilege-chain mechanism that can be used to verify the trustiness of cloud resources and to protect the resources from unauthorized access.




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yoon, J.P., Chen, Z. (2010). Using Privilege Chain for Access Control and Trustiness of Resources in Cloud Computing. In: Zavoral, F., Yaghob, J., Pichappan, P., El-Qawasmeh, E. (eds) Networked Digital Technologies. NDT 2010. Communications in Computer and Information Science, vol 87. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14292-5_37

  • DOI: https://doi.org/10.1007/978-3-642-14292-5_37

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14291-8

  • Online ISBN: 978-3-642-14292-5

  • eBook Packages: Computer Science, Computer Science (R0)
