The cloud computing is an Internet-based computing emerging as a new architecture which aims to give reliable, customizable and QoS guaranteed dynamic environment for end-users. As multi-tenancy is one of the key features of cloud computing where service providers and users have scalable and economic benefits on same cloud platforms. In cloud computing environment the execution process requires resource management due to the processing capability is high to the resource ratio. The aim of the system is to handle resource management by executing scientific workflows. The locating and assigning of free resources is handled through the Cloud-based Workflow Scheduling Algorithm (CWSA) policy. The simulation results shows that the scheduling algorithm improves the performance of scientific workflows and helps in minimization of workflow completion time, tardiness, execution cost and use of idle resources of cloud using simulator Workflowsim.
Abstract. Policy-based access control is a technology that achieves separation of concerns through evaluating an externalized policy at each access attempt. While this approach has been well-established for requestresponse applications, it is not supported for database queries of datadriven applications, especially for attribute-based policies. In particular, search operations for such applications involve poor scalability with regard to the data set size for this approach, because they are influenced by dynamic runtime conditions. This paper proposes a scalable application-level middleware solution that performs runtime injection of the appropriate rules into the original search query, so that the result set of the search includes only items to which the subject is entitled. Our evaluation shows that our method scales far better than current state of practice approach that supports policy-based access control.
Applications are increasingly operating on large data sets. This trend creates problems for access control, which in principle restricts the actions that subjects can perform on any item in that data set. Performance issues therefore emerge, typically for operations on entire data sets. Emerging access control models such as attribute-based access control do meet their limitations in this context. Worse, few solutions exist that addresses performance problems while supporting separation of concerns. In this paper, we present a first approach towards addressing this challenge. We propose a middleware architecture that performs policy transformations and query rewriting for externalized policies to optimize the access control process on the data set. We argue that this offers a promising approach for reducing the policy evaluation overhead for access control on large data sets.
Software-as-a-service (SaaS) has been a growing trend in cloud computing for several years. Moreover, SaaS providers are evolving to application-level multi-tenancy, in which all tenants share the application instances, platform and data store with the aim of maximizing resource sharing. For multi-tenant SaaS applications, access control often is the only application-level security mechanism. However, such access control is inherently complex because both the provider and all tenants should be able to specify their access rules for the application. Moreover, these rules must all be securely combined and correctly enforced in the shared multi-tenant application. To address this challenge, we present the Amusa access control middleware. Amusa enables both the provider and all its tenants to efficiently declare their access rules on the SaaS application. To achieve this, Amusa provides incremental three-layered management based on attribute-based tree-structured policies. Afterwards, Amusa securely combines the access rules of all parties and enforces them at run-time with low performance overhead.
Access control is an important part of security that restricts the actions that users can perform on resources. Policy models specify how these restrictions are formulated in policies. Over the last decades, we have seen several such models, including role-based access control and more recently, attribute-based access control. However, these models do not take into account the relationships between users, resources and entities and their corresponding properties. This limits the expressiveness of these models. In this work, we present Entity-Based Access Control (EBAC). EBAC introduces entities as a primary concept and takes into account both attributes and relationships to evaluate policies. In addition, we present Auctoritas. Auctoritas is a authorization system that provides a practical policy language and evaluation engine for EBAC. We find that EBAC increases the expressiveness of policies and fits the application domain well. Moreover, our evaluation shows that entity-based policies described in Auctoritas can be enforced with a low policy evaluation latency.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.