Abstract
Cloud computing is emerging as a virtual model in support of “everything-as-a-service” (XaaS). Service providers post XaaS of resources in a cloud database. There are numerous service providers, such as feeders, owners, and creators, who are unlikely to be the same agent. Consequently, resources in a cloud database cannot be securely managed by traditional access control models, and therefore cloud database services may be trustless. This chapter proposes a new security technique to measure the trustiness of cloud resources. Using the metadata of resources and access policies, the technique builds privilege chains and binds authorization policies to compute the trustiness of cloud database management. The contribution of this chapter is a privilege-chain mechanism that can be used to verify the legitimacy of cloud resources and to measure the trustiness of cloud database management.
© 2011 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Yoon, J.P. (2011). Access Control and Trustiness for Resource Management in Cloud Databases. In: Fiore, S., Aloisio, G. (eds) Grid and Cloud Database Management. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20045-8_6
DOI: https://doi.org/10.1007/978-3-642-20045-8_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20044-1
Online ISBN: 978-3-642-20045-8
eBook Packages: Computer Science, Computer Science (R0)