Context-aware Security Models for PaaS-enabled Access Control

Simeon Veloudis, Yiannis Verginadis, Ioannis Patiniotakis, Iraklis Paraskakis, Gregoris Mentzas

Abstract

Enterprises are embracing cloud computing in order to reduce costs and increase agility in their everyday business operations. Nevertheless, due mainly to confidentiality, privacy and integrity concerns, many are still reluctant to migrate their sensitive data to the cloud. In this paper, firstly, we outline the construction of a suitable Context-aware Security Model, for enhancing security in cloud applications. Secondly, we outline the construction of an extensible and declarative formalism for representing policy-related knowledge, one which disentangles the definition of a policy from the code employed for enforcing it. Both of them will be employed for supporting innovative PaaS-enabled access control mechanisms.

References

  1. Abowd, G., & Mynatt, E., 2000. Charting past, present, and future research in ubiquitous computing. ACM Transactions on Computer-Human Interaction (TOCHI) - Special issue on human-computer interaction in the new millennium, 29-58.
  2. Bettini, C., Brdiczka, O., Henricksen, K., Indulska, J., Nicklas, D., Ranganathan, A., & Riboni, D., 2010. A survey of context modelling and reasoning techniques. Pervasive and Mobile Computing, 161-180.
  3. Bucchiarone, A., Kazhamiakin, R., Cappiello, C., Nitto, E., & Mazza, V., 2010. A context-driven adaptation process for service-based applications. In ACM Proceedings of the 2nd International Workshop on Principles of Engineering Service-Oriented Systems (PESOS'10), pp. 50-56, Cape Town, South Africa.
  4. Cisco, 2011. Cloud: What an Enterprise Must Know, Cisco White Paper.
  5. CSA, 2013. The Notorious Nine. Cloud Computing Top Threats in 2013. Cloud Security Alliance.
  6. Dey, A. K., 2001. Understanding and Using Context. In Personal and Ubiquitous Computing Journal, vol. 5, no. 1, p. 4-7.
  7. Ferrari, E., 2010. Access Control in Data Management Systems. Synthesis Lectures on Data Management, Morgan & Claypool, Vol. 2, No. 1, p. 1-117.
  8. Group, T. T., 2013. The Notorious Nine. Cloud Computing Top Threats in 2013. Cloud Security Aliance (CSA).
  9. Heupel, M., Fischer, L., Bourimi, M., Kesdogan, D., Scerri, S., Hermann, F., Gimenez, R., 2012. Context-Aware, Trust-Based Access Control for the di.me Userware. In Proceedings of the 5th International Conference on New Technologies, Mobility and Security (NTMS'12), pp. 1-6, Istanbul, Turkey, IEEE Computer Society.
  10. Hu, V. C., Ferraiolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Miller R., and Scarfone K., 2014. Guide to Attribute Based Access Control (ABAC) Definition and Considerations. NIST.
  11. Hu, H., Ahn, G.-J. and Kulkarni, K., 2011. Ontology-based policy anomaly management for autonomic computing. In 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom).
  12. Jung, C., Eitel, A., Schwarz, R., 2014. Cloud Security with Context-aware Usage Control Policies. In Proceedings of the INFORMATIK'14 Conference, pp. 211-222.
  13. Kagal, L., Finin, T. and Joshi, A., 2003. A Policy Language for a Pervasive Computing Environment. In 4th IEEE Int. Workshop on Policies for Distributed Systems and Networks (POLICY 7803).
  14. Linked USDL, 2014. Available online: http://linkedusdl.org/.
  15. Micro, T., 2010. The Need for Cloud Computing Security. Trend Micro.
  16. Miele, A., Quintarelli, E., Tanca, L., 2009. A methodology for preference-based personalization of contextual data. In ACM Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology (EDBT'09), pp. 287- 298, Saint-Petersburg, Russia.
  17. NIST, 2011. Cloud Computing Reference Architecture, National Institute of Standards and Technology.
  18. OASIS, 2013. OASIS eXtensible Access Control Markup Language (XACML). Available: http://docs.oasisopen.org/xacml/3.0/xacml-3.0-core-spec-os-en.html.
  19. OWL Web Ontology Language Reference. W3C Recommendation, 2004. Available online: http://www.w3.org/TR/owl-ref/.
  20. Pedrinaci, C., Cardoso, J. and Leidig, T., 2014. Linked USDL: a Vocabulary for Web-scale Service Trading. In 11th Extended Semantic Web Conference (ESWC).
  21. Specification of Deliberation RuleML 1.01, 2015. Available online: http://wiki.ruleml.org/index.php/ Specification_of_Deliberation_RuleML_1.01.
  22. Security Assertions Markup Language (SAML) Version 2.0. Technical Overview, 2008. Available online: https://www.oasis-open.org/committees/download. php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf
  23. Sheng, Q., & Benatallah, B., 2005. ContextUML: A UMLBased Modeling Language for Model-Driven Development of Context-Aware Web Services Development. In Proceedings of the International Conference on Mobile Business (ICMB'05), pp. 206- 212, IEEE Computer Society.
  24. Strang, T., Linnhoff-Popien, C., 2004. A Context Modeling Survey. In Workshop on Advanced Context Modelling, Reasoning and Management, (UbiComp'04) - The Sixth International Conference on Ubiquitous Computing. Nottingham, England.
  25. Truong, H.-L., Manzoor, A., Dustdar, S., 2009. On modeling, collecting and utilizing context information for disaster responses in pervasive environments. In ACM Proceedings of the first international workshop on Context-aware software technology and applications (CASTA'09), pp. 25-28, Amsterdam, The Netherlands.
  26. Uszok, A., Bradshaw, J., Jeffers, R., Johnson, M., Tate, A., Dalton, J. and Aitken, S., 2005. KAoS Policy Management for Semantic Web Services. IEEE Intel. Sys., vol. 19, no. 4, pp. 32 - 41.
  27. Vaquero, L.M., Rodero-Merino, L., Caceres, J. and Lindner, M., 2008. A break in the clouds: Towards a cloud definition. SIGCOMM Comput. Commun. Rev., vol 39, no 1, pp. 50 - 55.
  28. Verginadis, Y., Michalas, A., Gouvas, P., Schiefer, G., Hübsch, G., Paraskakis, I., 2015a. PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services. Proceedings of the 5th International Conference on Cloud Computing and Services Science (CLOSER 2015), May 20-22, Lisbon, Portugal.
  29. Verginadis, Y., Mentzas, G., Veloudis, S., Paraskakis, I., 2015b. A Survey on Context Security Policies. In Proceedings of the 1st International Workshop on Cloud Security and Data Privacy by Design (CloudSPD'15), co-located with the 8th IEEE/ACM International Conference on Utility and Cloud Computing, Limassol, Cyprus, December 7-10.
  30. WS-Trust 1.3, 2007. Available online: http://docs.oasisopen.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.doc.
Download


Paper Citation


in Harvard Style

Veloudis S., Verginadis Y., Patiniotakis I., Paraskakis I. and Mentzas G. (2016). Context-aware Security Models for PaaS-enabled Access Control . In Proceedings of the 6th International Conference on Cloud Computing and Services Science - Volume 2: CLOSER, ISBN 978-989-758-182-3, pages 202-212. DOI: 10.5220/0005918602020212


in Bibtex Style

@conference{closer16,
author={Simeon Veloudis and Yiannis Verginadis and Ioannis Patiniotakis and Iraklis Paraskakis and Gregoris Mentzas},
title={Context-aware Security Models for PaaS-enabled Access Control},
booktitle={Proceedings of the 6th International Conference on Cloud Computing and Services Science - Volume 2: CLOSER,},
year={2016},
pages={202-212},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005918602020212},
isbn={978-989-758-182-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 6th International Conference on Cloud Computing and Services Science - Volume 2: CLOSER,
TI - Context-aware Security Models for PaaS-enabled Access Control
SN - 978-989-758-182-3
AU - Veloudis S.
AU - Verginadis Y.
AU - Patiniotakis I.
AU - Paraskakis I.
AU - Mentzas G.
PY - 2016
SP - 202
EP - 212
DO - 10.5220/0005918602020212