TOWARDS AN AUTHORIZATION SYSTEM FOR CLOUD INFRASTRUCTURE PROVIDERS
Jorge Bernal Bernabe, Juan M. Marin Perez, Jose M. Alcaraz Calero, Felix J. Garcia Clemente, Gregorio Martinez Perez, Antonio F. Gomez Skarmeta
2011
Abstract
The provision of security services is a key enabler in cloud computing architectures. Focusing on multi-tenancy authorization systems, the provision of different models including role based access control (RBAC), hierarchical RBAC (hRBAC), conditional RBAC (cRBAC) and hierarchical objects (HO) is the main objective of this paper. Our proposal is based on the Common Information Model (CIM) and Semantic Web technologies, which have been demonstrated as valid tools for describing authorization models. As the same language is being used for the information and the authorization models they are both well aligned and thus reducing the potential mismatch that may appear between the semantics of both models. A trust model enabling the establishment of coalitions and federations across tenants is also an objective being covered as part of the research being presented in this paper.
References
- Alcaraz-Calero, J. M., Edwards, N., Kirschnick, J., Wilcock, L., and Wray, M. (2010a). Towards a multitenancy authorization system for cloud services. IEEE Security and Privacy, 8(6):48-55.
- Alcaraz-Calero, J. M., Edwards, N., Kirschnick, J., Wilcock, L., and Wray, M. (2010a). Towards a multitenancy authorization system for cloud services. IEEE Security and Privacy, 8(6):48-55.
- Alcaraz-Calero, J. M., Perez, G. M., and Skarmeta, A. F. G. (2010b). Towards an authorization model for distributed systems based on the semantic web. IET Information Security, 4(4):411-421.
- Alcaraz-Calero, J. M., Perez, G. M., and Skarmeta, A. F. G. (2010b). Towards an authorization model for distributed systems based on the semantic web. IET Information Security, 4(4):411-421.
- Bumpus, W., Sweitzer, J. W., Thompson, P., Westerinen, A., and Williams, R. C. (2000). Common information model: implementing the object model for enterprisemanagement. John Wiley & Sons, Inc.
- Bumpus, W., Sweitzer, J. W., Thompson, P., Westerinen, A., and Williams, R. C. (2000). Common information model: implementing the object model for enterprisemanagement. John Wiley & Sons, Inc.
- Danwei, C., Xiuli, H., and Xunyi, R. (2009). Access control of cloud service based on ucon. LNCS Cloud Computing, 5931:559-564.
- Danwei, C., Xiuli, H., and Xunyi, R. (2009). Access control of cloud service based on ucon. LNCS Cloud Computing, 5931:559-564.
- Debusmann, M. and Keller, A. (2003). SLA-driven management of distributed systems using the common information model. In Proceeding of the 8th IFIP/IEEE International Symposium on Integrated Network Management.
- Debusmann, M. and Keller, A. (2003). SLA-driven management of distributed systems using the common information model. In Proceeding of the 8th IFIP/IEEE International Symposium on Integrated Network Management.
- Hayes, B. (2008). Cloud computing. Communications of the ACM, 51(7):9-11.
- Hayes, B. (2008). Cloud computing. Communications of the ACM, 51(7):9-11.
- Heimbigner, D. (2004). DMTF - CIM to OWL: A Case Study in Ontology Conversion. In Conference on Software Engineering and Knowledge Engineering.
- Heimbigner, D. (2004). DMTF - CIM to OWL: A Case Study in Ontology Conversion. In Conference on Software Engineering and Knowledge Engineering.
- Horrocks, I., Patel-Schneider, P. F., Boley, H., andB. Grosof, S. T., and Dean, M. (2004). SWRL: A Semantic Web Rule Language combining OWL and RULEML. Technical report, W3C.
- Horrocks, I., Patel-Schneider, P. F., Boley, H., andB. Grosof, S. T., and Dean, M. (2004). SWRL: A Semantic Web Rule Language combining OWL and RULEML. Technical report, W3C.
- Hu, L., Ying, S., Jia, X., and Zhao, K. (2009). Towards an approach of semantic access control for cloud computing. LNCS Cloud Computing, 5931:145-156.
- Hu, L., Ying, S., Jia, X., and Zhao, K. (2009). Towards an approach of semantic access control for cloud computing. LNCS Cloud Computing, 5931:145-156.
- Majewska, M., Kryza, B., and Kitowski, J. (2007). Translation of Common Information Model to Web Ontology Language. LNCS Computational Science - ICCS 2007, 4487:414-417.
- Majewska, M., Kryza, B., and Kitowski, J. (2007). Translation of Common Information Model to Web Ontology Language. LNCS Computational Science - ICCS 2007, 4487:414-417.
- Mao, H., Huang, L., and Li, M. (2006). Web resource monitoring based on common information model. In IEEE Asia-Pacific Conference on Services Computing.
- Mao, H., Huang, L., and Li, M. (2006). Web resource monitoring based on common information model. In IEEE Asia-Pacific Conference on Services Computing.
- Park, J. and Sandhu, R. (2004). The ucon abc usage control model. ACM Transactions on Information and System Security, 7:128-174.
- Park, J. and Sandhu, R. (2004). The ucon abc usage control model. ACM Transactions on Information and System Security, 7:128-174.
- Perez, J. M. M., Bernabe, J. B., Alcaraz-Calero, J. M., Clemente, F. J. G., Perez, G. M., and Skarmeta, A. F. G. (2011). Semantic-aware authorization architecture for grid security. Future Generation Computer Systems, 27:40-55.
- Perez, J. M. M., Bernabe, J. B., Alcaraz-Calero, J. M., Clemente, F. J. G., Perez, G. M., and Skarmeta, A. F. G. (2011). Semantic-aware authorization architecture for grid security. Future Generation Computer Systems, 27:40-55.
Paper Citation
in Harvard Style
Bernal Bernabe J., M. Marin Perez J., M. Alcaraz Calero J., J. Garcia Clemente F., Martinez Perez G. and F. Gomez Skarmeta A. (2011). TOWARDS AN AUTHORIZATION SYSTEM FOR CLOUD INFRASTRUCTURE PROVIDERS . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 333-338. DOI: 10.5220/0003525703330338
in Harvard Style
Bernal Bernabe J., M. Marin Perez J., M. Alcaraz Calero J., J. Garcia Clemente F., Martinez Perez G. and F. Gomez Skarmeta A. (2011). TOWARDS AN AUTHORIZATION SYSTEM FOR CLOUD INFRASTRUCTURE PROVIDERS . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 333-338. DOI: 10.5220/0003525703330338
in Bibtex Style
@conference{secrypt11,
author={Jorge Bernal Bernabe and Juan M. Marin Perez and Jose M. Alcaraz Calero and Felix J. Garcia Clemente and Gregorio Martinez Perez and Antonio F. Gomez Skarmeta},
title={TOWARDS AN AUTHORIZATION SYSTEM FOR CLOUD INFRASTRUCTURE PROVIDERS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={333-338},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003525703330338},
isbn={978-989-8425-71-3},
}
in Bibtex Style
@conference{secrypt11,
author={Jorge Bernal Bernabe and Juan M. Marin Perez and Jose M. Alcaraz Calero and Felix J. Garcia Clemente and Gregorio Martinez Perez and Antonio F. Gomez Skarmeta},
title={TOWARDS AN AUTHORIZATION SYSTEM FOR CLOUD INFRASTRUCTURE PROVIDERS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={333-338},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003525703330338},
isbn={978-989-8425-71-3},
}
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - TOWARDS AN AUTHORIZATION SYSTEM FOR CLOUD INFRASTRUCTURE PROVIDERS
SN - 978-989-8425-71-3
AU - Bernal Bernabe J.
AU - M. Marin Perez J.
AU - M. Alcaraz Calero J.
AU - J. Garcia Clemente F.
AU - Martinez Perez G.
AU - F. Gomez Skarmeta A.
PY - 2011
SP - 333
EP - 338
DO - 10.5220/0003525703330338
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - TOWARDS AN AUTHORIZATION SYSTEM FOR CLOUD INFRASTRUCTURE PROVIDERS
SN - 978-989-8425-71-3
AU - Bernal Bernabe J.
AU - M. Marin Perez J.
AU - M. Alcaraz Calero J.
AU - J. Garcia Clemente F.
AU - Martinez Perez G.
AU - F. Gomez Skarmeta A.
PY - 2011
SP - 333
EP - 338
DO - 10.5220/0003525703330338