TOWARDS AN AUTHORIZATION SYSTEM FOR CLOUD

INFRASTRUCTURE PROVIDERS

Jorge Bernal Bernabe

∗

, Juan M. Marin Perez

∗

, Jose M. Alcaraz Calero

Felix J. Garcia Clemente

, Gregorio Martinez Perez

∗

and Antonio F. Gomez Skarmeta

∗

Departamento de Ingenieria de la Informacion y las Comunicaciones, University of Murcia, Murcia, Spain

Cloud and Security Lab, Hewlett-Packard Laboratories, Bristol, U.K.

Departamento de Ingenieria y Tecnologia de Computadores, University of Murcia, Murcia, Spain

Keywords: Authorization system, Cloud computing, Multi-tenancy, Trust model, Semantic web.

Abstract: The provision of security services is a key enabler in cloud computing architectures. Focusing on multi-

tenancy authorization systems, the provision of different models including role based access control (RBAC),

hierarchical RBAC (hRBAC), conditional RBAC (cRBAC) and hierarchical objects (HO) is the main objective

of this paper. Our proposal is based on the Common Information Model (CIM) and Semantic Web technolo-

gies, which have been demonstrated as valid tools for describing authorization models. As the same language

is being used for the information and the authorization models they are both well aligned and thus reducing

the potential mismatch that may appear between the semantics of both models. A trust model enabling the

establishment of coalitions and federations across tenants is also an objective being covered as part of the

research being presented in this paper.

1 INTRODUCTION

Nowadays, many businesses are evolving to start us-

ing Cloud Computing (Hayes, 2008) architectures as

a new way of managing data centers, enabling efﬁ-

cient provisioning of virtual IT architectures. Such

virtual resources are dynamically created and disman-

tled on-demand, providing new pay-as-you-go busi-

ness models for the usage of infrastructures.

To achieve an effective management of the data

centers, cloud computing has provided a well-known

logical stack. This stack is divided in three different

layers: Infrastructure as a Service (IaaS), Platform as

a Service (PaaS) and Software as a Service (SaaS).

From the point of view of the cloud provider, the ac-

cess control model in the IaaS layer becomes a critical

aspect to be considered in order to have a ﬁne control

over the usage of the architecture.

Current cloud vendor providers such as Amazon

EC2

, GoGrid

and Rackspace

rely on mere au-

thentication schemes which do not provide access

control services to the resources managed beyond to-

tal access as administrator to the whole system. Dur-

ing the last few months, some authorization systems

Amazon EC2 available at http://aws.amazon.com/es/ec2/

GoGrid available at http://www.gogrid.com/

Rackspace available at http://www.rackspace.com/index.php

have appeared trying to solve this issue. However,

current solutions lack of enough expressiveness to

describe some real authorization business policies,

which can be a differentiating key for the selection

of one cloud provider or another.

The main aim of this paper is to describe an autho-

rization system suitable for cloud computing archi-

tectures which solve some of these lacks, providing a

multi tenancy authorization system with high level of

expressiveness in the deﬁnition of grants. Moreover,

the establishment of business alliances (coalitions and

federations) by means of a trust model is also consid-

ered as part of the proposal.

This paper has been structured as follows: section

2 provides a related work overview. Section 3 pro-

vides an introduction of the languages used in this ap-

proach. Section 4 describes the authorization model.

Section 5 explains the architecture and the process

carried out for authorization. Finally, section 6 pro-

vides some conclusions and states of direction.

2 RELATED WORK

Some novel authorization models for cloud com-

puting have recently appeared during the last year.

Thus, (Alcaraz-Calero et al., 2010a) has provided

333

Bernal Bernabe J., M. Marin Perez J., M. Alcaraz Calero J., J. Garcia Clemente F., Martinez Perez G. and F. Gomez Skarmeta A..

TOWARDS AN AUTHORIZATION SYSTEM FOR CLOUD INFRASTRUCTURE PROVIDERS.

DOI: 10.5220/0003525703330338

In Proceedings of the International Conference on Security and Cryptography (SECRYPT-2011), pages 333-338

ISBN: 978-989-8425-71-3

 2011 SCITEPRESS (Science and Technology Publications, Lda.)

an advanced multi-tenancy authorization model with

RBAC support based on authorization statements de-

ﬁned by means of paths. (Danwei et al., 2009) has

provided another authorization system based on us-

age control access model (UCON) (Park and Sandhu,

2004) and negotiation technologies.

While the previous authorization systems are suit-

able for cloud computing, they may lack of enough

expressiveness for deﬁning high level authorization

policies. This lack of expressivenesscan be addressed

under the usage of the Semantic Web technologies

and ontological approaches since they provide a sig-

niﬁcant level of expressiveness. Some authoriza-

tion systems have been proposed under Semantic

Web. Thus, (Alcaraz-Calero et al., 2010b) provides a

complete multi-tenancy authorization model for dis-

tributed system with support for RBAC, hRBAC, cR-

BAC and authorization policies. (Perez et al., 2011)

proposed other semantic-aware multi-tenancy autho-

rization system for grid architectures.These previous

proposals are not directly designed for cloud comput-

ing but they may be considered as the basis for the de-

signing of a semantic-aware authorization model for

cloud computing.

Regarding semantic-aware proposals designed for

cloud computing, (Hu et al., 2009) analyses existing

access control methods and present a new Seman-

tic Access Control Policy Language (SACPL) for de-

scribing access control policies in cloud computing

environment. Although, this is a prominent research

work, authors only provide simple RBAC support and

they do not describe the semantics of the authoriza-

tion model proposed hampering the evaluation of the

quality of such approach.

3 INFORMATION MODEL FOR

AUTHORIZATION

A model is used to represent authorization related

concepts as well as the resources to be protected by

the authorization system. This model is represented

by means of ontologies, since they provide high ex-

pressiveness to deﬁne the different concepts and their

semantics. The ontologies being represented in this

model have been deﬁned using the Ontology Web

Language 2 (OWL 2). This is a W3C standard which

enables the speciﬁcation of ontologies. The Semantic

Web Rule Language (SWRL) (Horrocks et al., 2004)

is used to represent rules on the Semantic Web and it

extends OWL 2 in order to provide a way to express

conditional knowledge. These languages have a com-

mon basic logic formalism called Description Logic.

This formalism provides a highly expressive language

for describing semantic features such as inheritance

among concepts and properties, transitiveness and re-

ﬂexiveness in properties, disjointness of concepts and

conditional knowledge.

In order to represent the resources to be protected

by the authorization system, we chose a reference

model to generate the ontology which models the con-

cepts and semantics of the underlying managed vir-

tual infrastructure. The Common Information Model

(CIM) (Bumpus et al., 2000) created by the DMTF

has been selected as base model for our authorization

system. Several reasons have motivated this choice:

it is a quite complete information model, it supports

extensibility mechanisms and it is an standard infor-

mation model. Moreover, there are related standards

and technologies grouped under the WBEM speciﬁ-

cations which allow to dynamically gather the cur-

rent state of the underlying infrastructure by means of

CIM. Additionally, this information model has been

used in several research works like (Debusmann and

Keller, 2003), (Mao et al., 2006), among others, and it

is used in a wide variety of large systems such as SAP,

Microsoft Windows and VMWare, among others.

CIM provides many concepts and relationships to

represent an information system. However, the model

used in our authorization system is intended to rep-

resent only the managed resources and not all the in-

formation is really needed. Thus, a subset of CIM

is used. The concrete subset depends on the ele-

ments and capabilities of the virtual infrastructure to

be managed. Common concepts managed in cloud in-

frastructure include virtual machines (VMs), virtual

networks which interconnect the VMs, volumes at-

tached to the VMs, etc. The model should contain

enough concepts and relationships to deﬁne the dif-

ferent elements to be protected by the authorization

system. The model can also be extended to incorpo-

rate speciﬁc concepts making use of the extensibility

mechanisms provided by CIM.

Different representations of CIM in OWL are

provided in several works like (Majewska et al.,

2007), (Heimbigner,2004) and (Alcaraz-Calero et al.,

2010b). In this paper, the approach proposed by

(Alcaraz-Calero et al., 2010b) has been selected to

perform the representation of CIM in OWL. This ap-

proach is available at the XCIM2OWL Sourceforge

project.

4 AUTHORIZATION

Authorization decisions are taken based on some priv-

ileges deﬁned for some subjects on some resources.

In this approach, privileges are established by means

SECRYPT 2011 - International Conference on Security and Cryptography

334

of authorization statements. An authorization state-

ment basically establishes that a subject has a privi-

lege on a resource. It can be represented by the 3-

tuple (Subject, Privilege, Resource).

In order to support a Role-based Access Control

(RBAC) model, a subject can be either a user or a role.

These authorization statements can be represented in

the model by means of the set of CIM concepts and

relationships depicted in Figure 1.

!"#"$%&'(%)%#* !"#$%&'()*+&','-).)

/)/0)&123%--)4#'%5

6"#$%&'()*7"08)4#

6"#$%&'()*:6&.)#

;*)5#'#<

=%-)

!"#"$%&'(%)%#*

+,((%-*.,#

Figure 1: UML diagram of authorization concepts.

Subjects are represented by the

Identity

and

Role

concepts. The association of subjects to priv-

ileges is accomplished via the

authorizedSubject

association. The resources of the underlying virtual

infrastructure that are protected are similarly deﬁned

via the

authorizedTarget

association. This asso-

ciation connects with the

ManagedElement

concept,

which is the common root superclass in CIM. This

enables the deﬁnition of any element of the model as

target for authorization.

These elements of the model represent a positive

authorization statement. When a user tries to perform

some action on a given resource in the system, the au-

thorization system searches the model for the set of

concepts and relationships. If no positive authoriza-

tion statement is found in the model, then the access

to the resource will be denied, i.e. a ’deny by default’

policy is followed.

In this approach, SWRL is used to deﬁne rules

based on the concepts represented in the model. In

particular, two different kinds of rules are consid-

ered: rules and meta-rules. Rules are used to map

the authorization statements represented by the tuples

to the corresponding concepts and relationships of the

model which represent the speciﬁed semantics of the

statement. In turn, meta-rules are rules which are de-

ﬁned to extend the semantics of the model, thus en-

abling support for different authorization features.

One of these features is Role-based Access Con-

trol (RBAC) support, which enables the deﬁnition of

privileges for roles. A meta-rule is deﬁned to provide

the RBAC semantics by propagating the privileges as-

signed to a role to the identities belonging to that role.

Rule 1 shows this meta-rule in SWRL abstract syntax.

Role(?r) ∧ AuthorizedPrivilege(?p) ∧ authorizedSub ject(?p, ?r)∧ (1)

Identity(?i) ∧memberO fCollection(?i, ?r)∧ (2)

→ (3)

authorizedSubject(?p, ?i) (4)

Rule 1: Role privileges propagation meta-rule.

The ﬁrst line of Rule 1 deﬁnes a role which has

some privilege associated. Line 2 selects the identi-

ties which are members of that role and the rule con-

sequent establishes the

authorizedSubject

associ-

ation to grant the privilege to these identities.

Hierarchical Role-based Access Control (hRBAC)

extends RBAC with the ability to deﬁne role hier-

archies. In our approach, these hierarchies can be

deﬁned by means of the

memberOfCollection

as-

sociation. Privilege inheritance is achieved by es-

tablishing the semantics of this hierarchical relation-

ship in the model. The deﬁnition in OWL of the

memberOfCollection

property as transitive makes

the system to consider any instance belonging to any

role, also belonging to its parent roles in the hierarchy.

Then, for any given instance, rule 1 will propagate the

privileges in the role hierarchy.

Enabling object hierarchies in the model provides

a higher expressiveness to the authorization system.

This feature enables the deﬁnition of privilegesaffect-

ing a given object to be inherited by its children ob-

jects in the hierarchy. For example, privileges affect-

ing a directory would also apply to its subdirectories

and ﬁles. This approach can also be applied to com-

pound objects (e.g. a privilege deﬁned over a network

may also affect to each element which forms part of

such a network). This feature is achieved by incor-

porating the corresponding semantics to the model

and by deﬁning meta-rules which establish the priv-

ilege propagation. In CIM, associations used to es-

tablish ’part of ’ and dependency relationships share

the common root

Component

and

Dependency

asso-

ciations, respectively. The deﬁnition of these two root

associations as transitive in OWL enables the autho-

rization system to recognize all subcomponents and

dependent objects through the whole hierarchy. The

SWRL meta-rules which propagate the privileges are

deﬁned in a similar way as rule 1.

Conditional RBAC is also supported in this ap-

proach. It is done by enabling the granting of priv-

ileges according to some conditions. In order to

provide this feature, the authorization statements are

now represented by a 4-tuple (Subject, Privilege, Re-

source, Conditions). This means that the permissions

deﬁned in the statement only apply when the speci-

ﬁed conditions are fulﬁlled. The expressiveness pro-

vided by SWRL has been used to provide this feature,

TOWARDS AN AUTHORIZATION SYSTEM FOR CLOUD INFRASTRUCTURE PROVIDERS

335

including some antecedents to the rule which maps

the statement to the model. Rule antecedents are gen-

erated from the conditions speciﬁed by the adminis-

trator in the 4-tuple. Authorization statements which

does not specify any condition will result in a rule

with an empty antecedent.

Finally, multi tenancy support is also needed in

this environment, since usually multiple entities share

the same cloud provider and it has to ensure a secure

access to the information. This feature is provided

in our authorization system by keeping the authoriza-

tion models of the different administrative domains

isolated at the level of knowledge. Supporting this

multi tenancy feature, also implies a new extension

to the authorization statements, adding the concept of

Issuer, which represents the entity which deﬁnes the

statement. Thus, the authorization statements are now

represented by the 5-tuple (Issuer, Subject, Privilege,

Resource, Conditions). This tuple can be read as ’The

entity Issuer states that the user or role Subject has

the permissions deﬁned by Privilege over the element

Resource’.

Related to the multi tenancyfeature, coalition sup-

port is also provided in our approach by enabling dif-

ferent organizations to collaborate in the Cloud. Trust

relationships among differentdomains can be deﬁned,

meaning that an entity is able to access the knowl-

edge of another entity if a trust relationship is estab-

lished. The management of these different entities

knowledge will be further explained in section 5.

5 ARCHITECTURE

This section describes the cloud architecture designed

for the authorization model described in sections

3 and 4. As can be seen in ﬁgure 2, the cloud

computing deﬁnes a stack composed of three lay-

ers: Infrastructure-as-a-Service(IaaS), Platform-as-a-

Service (PaaS) and Software-as-a-Service (Saas). In-

frastructure as a Service is the delivery of computer

hardware, i.e. servers, networking technology, stor-

age, and data center space, as a service. The layer

also includes the delivery of on-deman virtualization

infrastructures to manage the resources. The func-

tionality of managing these virtual infrastructures is

provided by means of an

IaaS API

Our semantic-aware authorization architecture,

which is depicted in Figure 2, has been designed

to be suitable for the IaaS layer. The architec-

ture, following a multi-tenancy approach, provides

access control to the infrastructure resources man-

aged by the IaaS according to the authorization rules

deﬁned previously by customers. Our solution ex-

!"#$%&'$()'($*+%&+%+,*$-.)*

/0%'#1$2+%&+%+,*$-.)*

,1#'3%$* %&+%+,*$-.)*

!" !"

/45&.)%0+

6%)4."*&

701(8+,'%)9

:.$'(%0+!"#$%&'$()'($*

$%&'()'*&+(

$,,-./0$

"+%1&+(1%2

$,,-./0$

/3&4+(15,&1+%.

/0$

-'6,%&1)/34&7-'(81)'

9(35&.

",%,2'(

/3&47

:%21%'

Figure 2: Semantic Authorization Architecture for Cloud.

tends the already existing IaaS API solutions in or-

der to cope with a ﬁne grain authorization mecha-

nism based on a high level of expressiveness. Thus,

when a customer invokes the

IaaS API

trying to ac-

cess to a resource of the virtual infrastructure, the

Interceptor

module captures the request and deliv-

ers it to the

SemanticAuthzService

in order to eval-

uate whether the customer has grants to access to the

resource or not. After checking the access control,

the

Interceptor

, in case of an afﬁrmative response

from the

SemanticAuthzService

, forwards the re-

quest again to the IaaS API which performs the cor-

responding action.

As explained in section 4, the authorization rules

required to perform the authorization decision are ob-

tained from the authorization statements. The state-

ments are conﬁgured and inserted in the system by

users (either customers and/or system administrators)

making use of the

Authorization API

. This API,

taking these statements deﬁnitions as input, translates

them as authorization rules in SWRL format in or-

der to be later stored in a central repository called

Knowledge Base(KB)

. The KB holds all the autho-

rization informationneeded to carry out the authoriza-

tion decision. It includes, the authorization rules and

the information model deﬁning the virtual infrastruc-

ture being managed.

Since the

SemanticAuthzService

requires infor-

mation about the underline virtual environment, the

information stored at the

Knowledge Base

has to be

kept up to date with the information managed by the

IaaS. The

Monitoring

module is the authorization

system component in charge of obtaining this kind of

information from the IaaS API and translating it to

the CIM-based ontology model used in the KB, as de-

scribed in section 3.

The authorization service is composed of two

SECRYPT 2011 - International Conference on Security and Cryptography

336

main components the

Authorization Engine

and

the

Trust Manager

. The former can be seen as the

core of the authorization system since it takes autho-

rization decisions reasoning over the SWRL rules and

the ontology model. The latter manages the privacy of

the information of the different organizations which

make use of the cloud infrastructure according to the

trust relationships existing between them.

5.1 Trust Management

A collaboration agreement between two organizations

can be represented by means of a trust relationship (A

trusts B). This means that a user of the organization

B can access to the authorization rules as well as to

the managed resources from organization A. This en-

ables users of the organization B to deﬁne his own

authorizations rules taking into account the particular

domain information and the authorizationmodel of A.

Thus, if there is a trust relationship between A and

B, the

Authorization Engine

can use the autho-

rization rules as well as the ontology model hold in

the KB deﬁned for A when a authorization decision

has to be taken for an organization B. This allows or-

ganizations to control the access to their authorization

information and the resources of the IaaS layer they

use. Keeping the information model and the autho-

rization rules private implies that nobody outside of

the established agreement will be able to deﬁne or use

rules allowing members of untrusted organizations to

access to private resources. By default nobody trusts

anyone else unless there is an explicit statement of

this. Only a user of a given domain can insert or

remove rules regarding her domain. As a result, the

Trust Manager

controls the privacy of all the infor-

mation stored in the

Knowledge Base

The

TrustManager

is in charge of selecting the

information to be used to make the authorization de-

cision. This choice is done taking into account the

Issuer to provide multi-tenancy in the cloud envi-

ronment. There is one KB for each organization

containing its own domain model and rules as well

as the knowledge of its trusted organizations. The

TrustManager

is also responsible of managing the

life cycle of the different KBs according to the trust

relationships between the organizations.

When a user tries to access to a resource,

the request reaches ﬁrstly to the

IaaS API

. The

Interceptor

takes the request and forwards it to the

SemanticAuthzService

. Then, the

Trust Manager

selects the corresponding KB according to the organi-

zation to which the request target belongs. Once the

Authorization Engine

knows about the appropri-

ate KB where performing the authorization query it

reasons over the model and rules deriving the autho-

rization decision. Then, the authorization response is

sent back to the

Interceptor

which forwards it to

the IaaS-API that ﬁnally grantees or denies the access

to the resource based on the decision.

5.2 Reasoning Process

The information about the underline virtual infras-

tructure as well as the authorization model and

constraints are speciﬁed as an OWL ontology.

AuthzEngine

performs authorization decisions based

on the reasoning process performed by an OWL and

SWRL reasoner. During the reasoning process, the

reasoner uses the knowledge base which contains the

OWL ontology model together with the authorization

rules and meta rules deﬁned in form of SWRL rules.

At these stage, two kinds of reasoning can be identi-

ﬁed: OWL reasoning and SWRL reasoning. Whereas

the former deal with operations of querying, valida-

tion and inference about the ontology, the latter con-

sists on performing inference with SWRL rules. The

inference process (about both the OWL ontology and

the SWRL rules) generates new knowledge updating

the KB. Validation is also performed, checking the

ontology for inconsistencies or constraint violations.

Usually during the reasoning process, the SWRL

authorization rules infers new OWL AuthorizedPrivi-

lege instances which represent an authorization deﬁ-

nition according to our CIM based model depicted in

Figure 1. Thus, these instances are present in the KB

as the result of the inference from a rule represent-

ing an authorization statement. To perform the de-

cision, the

AuthzEngine

component queries the rea-

soner looking for these OWL instances in the KB.

Listing 1 shows the authorization query which looks

for the privilegeallowing a subject to access to a given

target when he tries to perform certain action.

PARAMS (subject, target , action )

SELECT(?p)

WHERE AuthorizedPrivilege(?p) ∧ action(?p, ,#action) ∧

Identity(?s) ∧ instanceID(?s, #subject) ∧

authorizedSubject(?p, ?s) ∧ authorizedTarget(?p, #target)

Listing 1: Authorization query.

The query explores the KB looking for an

AuthorizedPrivilege

instance which is associated

with the given subject and target. The query has three

parameters: the subject or identity which is trying

to access, the target representing the cloud resource

which is being accessed, and the action performed

against the target. If the query does not return any

privilege instance, the

AuthzEngine

denies the sub-

ject accessing the target (deny by default).

TOWARDS AN AUTHORIZATION SYSTEM FOR CLOUD INFRASTRUCTURE PROVIDERS

337

6 CONCLUSIONS AND FUTURE

WORK

A multi-tenancy semantic-aware authorization model

based on CIM has been proposed for cloud comput-

ing scenarios. This authorization model enables high-

level authorization policies while overcoming certain

lacks of expresiveness of its predecessors and provid-

ing support for advanced authorization features such

as RBAC, hRBAC, cRBAC, HO and authorization

policies. Semantic Web tecnologies has been demon-

strated as useful for describing authorization models.

Moreover, the usage of the same language for ex-

pressing both information and authorization models

avoid any mismatch between the semantics of the in-

formation model and the semantics of the authoriza-

tion model, which in turn, is a a potential problem

available in most of the current authorization propos-

als.

As a future work, the implementation of an au-

thorization plug-in for the Eucalyptus open source

cloud provider, in which the authorization model ex-

plained here can be inserted in production scenarios

is a desised result. It is also expected for the com-

ing months to perform intensive performance anal-

ysis of the authorization model proposed in order

to stablish an analitical comparison of the trade-off

between language expressiveness and system perfor-

mance. Moreover, another expected work is the ex-

tension of the authorization model proposed in order

to include conﬂict detection capabilities in cloud com-

puting architectures.

ACKNOWLEDGEMENTS

This work has been partially funded by the project

”Secure Management of Information across multiple

Stakeholders (SEMIRAMIS)” CIP-ICT PSP-2009-3

250453, within the EC Seven Framework Programme

(FP7). Thanks also to the Funding Program for Re-

search Groups of Excellence granted by the Seneca

Foundation (04552/GERM/06). Authors also thank to

the the Seneca Foundation for the post-doctoral grant

15714/PD/10 sponsoring Jose M. Alcaraz Calero. Fi-

nally, authors would like to specially thanks Nigel Ed-

wards for his great contribution to the authorization

ﬁeld.

REFERENCES

Alcaraz-Calero, J. M., Edwards, N., Kirschnick, J.,

Wilcock, L., and Wray, M. (2010a). Towards a multi-

tenancy authorization system for cloud services. IEEE

Security and Privacy, 8(6):48–55.

Alcaraz-Calero, J. M., Perez, G. M., and Skarmeta, A. F. G.

(2010b). Towards an authorization model for dis-

tributed systems based on the semantic web. IET In-

formation Security, 4(4):411–421.

Bumpus, W., Sweitzer, J. W., Thompson, P., Westerinen,

A., and Williams, R. C. (2000). Common information

model: implementing the object model for enterprise-

management. John Wiley & Sons, Inc.

Danwei, C., Xiuli, H., and Xunyi, R. (2009). Access control

of cloud service based on ucon. LNCS Cloud Comput-

ing, 5931:559–564.

Debusmann, M. and Keller, A. (2003). SLA-driven man-

agement of distributed systems using the common in-

formation model. In Proceeding of the 8th IFIP/IEEE

International Symposium on Integrated Network Man-

agement.

Hayes, B. (2008). Cloud computing. Communications of

the ACM, 51(7):9–11.

Heimbigner, D. (2004). DMTF - CIM to OWL: A Case

Study in Ontology Conversion. In Conference on Soft-

ware Engineering and Knowledge Engineering.

Horrocks, I., Patel-Schneider, P. F., Boley, H., andB.

Grosof, S. T., and Dean, M. (2004). SWRL: A Se-

mantic Web Rule Language combining OWL and

RULEML. Technical report, W3C.

Hu, L., Ying, S., Jia, X., and Zhao, K. (2009). Towards an

approach of semantic access control for cloud com-

puting. LNCS Cloud Computing, 5931:145–156.

Majewska, M., Kryza, B., and Kitowski, J. (2007). Trans-

lation of Common Information Model to Web Ontol-

ogy Language. LNCS Computational Science - ICCS

2007, 4487:414–417.

Mao, H., Huang, L., and Li, M. (2006). Web resource mon-

itoring based on common information model. In IEEE

Asia-Paciﬁc Conference on Services Computing.

Park, J. and Sandhu, R. (2004). The ucon abc usage control

model. ACM Transactions on Information and System

Security, 7:128–174.

Perez, J. M. M., Bernabe, J. B., Alcaraz-Calero, J. M.,

Clemente, F. J. G., Perez, G. M., and Skarmeta, A.

F. G. (2011). Semantic-aware authorization architec-

ture for grid security. Future Generation Computer

Systems, 27:40–55.

SECRYPT 2011 - International Conference on Security and Cryptography

338