A $(rm UCON_{ABC})$ Resilient Authorization Evaluation for Cloud Computing

Author

Marcon, Arlindo Luis ; Olivo Santin, Altair ; Stihler, Maicon ; Bachtold, Juliana

Author_Institution

Grad. Program in Comput. Sci., Pontifical Catholic Univ. of Parana, Curitiba, Brazil

Volume

25

Issue

2

fYear

2014

fDate

Feb. 2014

Firstpage

457

Lastpage

467

Abstract

The business-driven access control used in cloud computing is not well suited for tracking fine-grained user service consumption. UCON_ABC applies continuous authorization reevaluation, which requires usage accounting that enables fine-grained access control for cloud computing. However, it was not designed to work in distributed and dynamic authorization environments like those present in cloud computing. During a continuous (periodical) reevaluation, an authorization exception condition, disparity among usage accounting and authorization attributes may occur. This proposal aims to provide resilience to the UCON_ABC continuous authorization reevaluation, by dealing with individual exception conditions while maintaining a suitable access control in the cloud environment. The experiments made with a proof-of-concept prototype show a set of measurements for an application scenario (e-commerce) and allows for the identification of exception conditions in the authorization reevaluation.

Keywords

authorisation; cloud computing; electronic commerce; UCON_ABC resilient authorization reevaluation; authorization attributes; authorization environments; authorization exception condition; business-driven access control; cloud computing; e-commerce; electronic commerce; exception conditions; fine-grained user service consumption; usage accounting; Access controls; distributed systems; security and privacy protection;

fLanguage

English

Journal_Title

Parallel and Distributed Systems, IEEE Transactions on

Publisher

ieee

ISSN

1045-9219

Type

jour

DOI

10.1109/TPDS.2013.113

Filename

6497049