Abstract
Advances in distributed and Internet-based computing, such as the cloud, have raised serious security concerns. Identity and access management is one such issue that requires urgent attention. Both data privacy and user privacy need to be protected in privacy-aware cloud computing applications. Anonymous user interaction lets users interact privately with a system. It must be ensured that no unauthorized entity gets access to data resources. Hence, identity credentials may not always be enough. Different contexts, such as user role, trust, and behavior, may be considered as an identity context required to authenticate the user for an active session. In any privacy-aware system, a wrong interaction might provide improper data access. Therefore, dynamic decision-making may also be required for a proper access session to continue. Quasi-static authorization models perform reauthorization at regular intervals. At the end of each interval, the user is verified again against his various contexts if the resource access is to be continued. Many research works focus on fine-grained access control models in highly dynamic environments. However, handling the contexts is the main concern in these types of access models. In this chapter, we propose an access model based on the concept of delta authorization with an easy user session-out process. Here, authorization not only proceeds at delta intervals, but also considers contextual information besides the usual credentials. This technique is able to handle fine-grained access control in a better way. An implementation with analysis is also presented.
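The interval-based re-check described in the abstract can be sketched as follows. This is an added example, not the chapter's implementation; the names `Context`, `Policy` and `DeltaSession`, the trust threshold and the sample timeline are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Context:              # assumed context attributes: role, trust, behaviour
    role: str
    trust: float            # assumed score in [0.0, 1.0]
    anomalous: bool         # assumed behaviour flag

@dataclass(frozen=True)
class Policy:
    allowed_roles: frozenset
    min_trust: float

    def permits(self, ctx):
        return (ctx.role in self.allowed_roles
                and ctx.trust >= self.min_trust and not ctx.anomalous)

class DeltaSession:
    """Session whose authorization is re-evaluated every `delta` seconds."""
    def __init__(self, policy, delta, now, ctx):
        self.policy, self.delta = policy, delta
        self.active = policy.permits(ctx)       # initial authorization
        self.next_check = now + delta

    def access(self, now, get_context):
        if not self.active:
            return False                        # session already ended
        if now >= self.next_check:              # delta elapsed: re-authorize
            if not self.policy.permits(get_context(now)):
                self.active = False             # session out
                return False
            self.next_check = now + self.delta
        return True

def sample_context(now):
    # Constructed timeline: trust drops below the threshold at t = 70 s.
    return Context("doctor", 0.9 if now < 70 else 0.4, False)

def replay(request_times, delta=30):
    policy = Policy(frozenset({"doctor"}), min_trust=0.6)
    session = DeltaSession(policy, delta, 0, sample_context(0))
    return [session.access(t, sample_context) for t in request_times]

if __name__ == "__main__":
    # The request at t = 80 is still allowed: the context changed at t = 70,
    # but the next check is not due until t = 95.
    print(replay([10, 35, 65, 80, 95, 100]))
```

In this sketch the interval length bounds how long a session can keep running on stale context, so a smaller delta ends the session sooner after the context degrades, at the cost of more frequent checks.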
Acknowledgements
This publication is an outcome of the R&D work undertaken in the ITRA project of Media Lab Asia entitled “Remote Health: A Framework for Healthcare Services using Mobile and Sensor-Cloud Technologies”.
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Saha, S., Das, R., Neogy, S. (2018). Delta Authorization Concept for Dynamic Access Control Model in Cloud Environment. In: Chaki, R., Cortesi, A., Saeed, K., Chaki, N. (eds) Advanced Computing and Systems for Security. Advances in Intelligent Systems and Computing, vol 667. Springer, Singapore. https://doi.org/10.1007/978-981-10-8183-5_5
DOI: https://doi.org/10.1007/978-981-10-8183-5_5
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-8182-8
Online ISBN: 978-981-10-8183-5
eBook Packages: Engineering, Engineering (R0)