Untitled

Periorellis, P; Cook, Nick; Hiden, Hugo; Conlin, A; Hamilton, Matthew A.; Wu, J; Bryans, Jeremy; Gong, Xiaofeng; Feng, Zhang; Smith, Rob; Watson, Paul; Wright, A.R.

doi:10.1002/cpe.v20:11

Cited by 23 publications

(10 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Third, while there is a large body of literature, e. g., [8,10,11], on improving the performance of security frameworks using caching strategies, only proactive caching [11,12] addresses the caching of dynamic access control properties. Still, proactive caching is only able to cache dynamic access control constraints if they are first-class citizens of the underlying access control language.…”

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

“…As many widely used policy languages, e. g., [6,15], are not supporting such context requirements as first class citizens, they are usually encoded as access control constraints [7]. For example, XACML [15], PERMIS [6], or SecureUML [4] are supporting access control constraints. By definition, these constraints depend on context information such as attributes of a resource (e. g., its owner, last modification date, shipping destination) and, as such, are not amenable for caching access control decisions [12].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Idea: Efficient Evaluation of Access Control Constraints

Brucker¹,

Petritsch²

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Business requirements for modern enterprise systems usually comprise a variety of dynamic constraints, i. e., constraints that require a complex set of context information only available at runtime. Thus, the efficient evaluation of dynamic constraints, e. g., expressing separation of duties requirements, becomes an important factor for the overall performance of the access control enforcement.In distributed systems, e. g., based on the service-oriented architecture (SOA), the time for evaluating access control constraints depends significantly on the protocol between the central Policy Decision Point (PDP) and the distributed Policy Enforcement Points (PEPs).In this paper, we present a policy-driven approach for generating customized protocol for the communication between the PDP and the PEPs. We provide a detailed comparison of several approaches for querying context information during the evaluation of access control constraints.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Idea: Efficient Evaluation of Access Control Constraints

Brucker¹,

Petritsch²

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Authentication [9], access control models, and authorisation infrastructures [7] provide critical security measures for enabling confidentiality, integrity, and availability to an organisation's resources. These rely on models, such as Role Based Access Control (RBAC) [26] and Attribute Based Access Control (ABAC) [19], in order to support large scale distributed systems.…”

Section: Insider Threatsmentioning

confidence: 99%

“…SAAF's objective is to monitor the usage of authorisation infrastructures, analysing subject interactions and adapt this infrastructure accordingly. SAAF was applied in the context of an authorisation system called PERMIS [7]. Since PERMIS has a particular architecture, SAAF design was specifically tailored to observe and control PERMIS.…”

Section: Introductionmentioning

confidence: 99%

Self-adaptive authorisation in OpenStack cloud platform

Silva

Diniz

Cacho

et al. 2018

J Internet Serv Appl

View full text Add to dashboard Cite

Although major advances have been made in protection of cloud platforms against malicious attacks, little has been done regarding the protection of these platforms against insider threats. This paper looks into this challenge by introducing self-adaptation as a mechanism to handle insider threats in cloud platforms, and this will be demonstrated in the context of OpenStack. OpenStack is a popular cloud platform that relies on Keystone, its identity management component, for controlling access to its resources. The use of self-adaptation for handling insider threats has been motivated by the fact that self-adaptation has been shown to be quite effective in dealing with uncertainty in a wide range of applications. Insider threats have become a major cause for concern since legitimate, though malicious, users might have access, in case of theft, to a large amount of information. The key contribution of this paper is the definition of an architectural solution that incorporates self-adaptation into OpenStack Keystone in order to handle insider threats. For that, we have identified and analysed several insider threats scenarios in the context of the OpenStack cloud platform, and have developed a prototype that was used for experimenting and evaluating the impact of these scenarios upon the self-adaptive authorisation system for the cloud platforms.

show abstract

Grid Middleware and Services

Talia

Yahyapour²,

Ziegler

2008

View full text Add to dashboard Cite

Untitled

Cited by 23 publications

References 57 publications

Idea: Efficient Evaluation of Access Control Constraints

Idea: Efficient Evaluation of Access Control Constraints

Self-adaptive authorisation in OpenStack cloud platform

Grid Middleware and Services

Contact Info

Product

Resources

About