A Methodology for the Development and Verification of Access Control Systems in Cloud Computing

Gouglidis, Antonios; Mavridis, Ioannis

doi:10.1007/978-3-642-37437-1_8

Cited by 2 publications

(3 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As an example, Gouglidis and Mavridis (2013) proposed a methodology for the development and verification of access control systems in cloud computing. The authors verify the access control systems against organizational security requirements using techniques that are based on simple transition systems.…”

Section: Related Workmentioning

confidence: 99%

Formal verification of secure information flow in cloud computing

Zeng

Koutny

Watson

et al. 2016

Journal of Information Security and Applications

View full text Add to dashboard Cite

Federated cloud systems increase the reliability and reduce the cost of computational support to an organization. However, the resulting combination of secure private clouds and less secure public clouds impacts on the overall security of the system as applications need to be located within different clouds. In this paper, the entities of a federated cloud system as well as the clouds are assigned security levels of a given security lattice. Then a dynamic flow sensitive security model for a federated cloud system is introduced within which the Bell-LaPadula rules and cloud security rule can be captured. The rest of the paper demonstrates how Petri nets and the associated verification techniques could be used to analyze the security of information flow in federated cloud systems.

show abstract

Section: Related Workmentioning

confidence: 99%

Formal verification of secure information flow in cloud computing

Zeng

Koutny

Watson

et al. 2016

Journal of Information Security and Applications

View full text Add to dashboard Cite

show abstract

“…The contributions of this dissertation are centred on the following topics: definition of a requirements engineering approach, the modeling of an AC model for use in modern collaborative systems, and a verification technique to verify the correctness of the defined model against security properties. All the aforementioned are placed in the context of a systems engineering methodology for an end-to-end development of AC models, as originally presented in (Gouglidis and Mavridis, 2013). In the remainder of this section, we present the contributions in more details.…”

Section: Research Areasmentioning

confidence: 99%

“…Our proposed RBAC model is illustrated in Mavridis, 2011, 2012a). The SE methodology is proposed in (Gouglidis and Mavridis, 2013), and lastly, our approach to the verification of security properties is modelled in (Gouglidis et al, 2013a,b). <xs:element name="Inter_Child_Role" type="xs:string" minOccurs="0" maxOccurs="1"/> </xs:sequence> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="Intra_Parent_Role" type="xs:string" minOccurs="0" maxOccurs="1"/> </xs:sequence> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="Intra_Child_Role" type="xs:string" minOccurs="0" maxOccurs="1"/> </xs:sequence> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="SSD_Role" type="xs:string" minOccurs="0" maxOccurs="1"/> </xs:sequence> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="DSD_Role" type="xs:string" minOccurs="0" maxOccurs="1"/> </xs:sequence> <xs:element name="SR_Cardinality" type="xs:unsignedLong" minOccurs="0" maxOccurs="1"/> <xs:element name="DR_Cardinality" type="xs:unsignedLong" minOccurs="0" maxOccurs="1"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="Name"> <xs:complexType mixed="true"/> </xs:element> <xs:element name="Inter_Parent_Role"> <xs:complexType mixed="true"/> </xs:element> <xs:element name="Inter_Child_Role"> <xs:complexType mixed="true"/> </xs:element> <xs:element name="Intra_Parent_Role"> <xs:complexType mixed="true"/> </xs:element> <xs:element name="Intra_Child_Role"> <xs:complexType mixed="true"/> </xs:element> <xs:element name="SSD_Role"> <xs:complexType mixed="true"/> </xs:element> <xs:element name="DSD_Role"> <xs:complexType mixed="true"/> </xs:element> <xs:element name="SR_Cardinality"> <xs:complexType mixed="true"/> </xs:element> <xs:element name="DR_Cardinality"> <xs:complexType mixed="true"/> < proposal is based on NIST's (National Institute of Standards and Technology) generic model checking technique and has been enriched with RBAC reasoning.…”

Section: Closing Remarksmentioning

confidence: 99%

Access control requirements engineering, modeling and verification in multi-domain grid and cloud computing systems

Gouglidis¹,

Γουγλίδης²

Self Cite

View full text Add to dashboard Cite

Recent advances in sciences and business models required the invention of new and innovative types of systems in order for them to be used as a development and deployment platform for applications. Examples of such systems are the Grid and Cloud computing paradigms. Both of them are evolutionary distributed and collaborative systems, which have currently become the de facto platforms for the development and deployment of various types of applications. Despite the different nature of these two types of systems, several requirements and principles remain the same in both of them. Security is an essential principle and it is required to be maintained during any collaboration among participants. Despite the benefits of existing security solutions there are few proposals that addressed the problem of how to maintain security among domains where each implement its own access control (AC) policy. Moreover, the majority of existing solutions are static in nature and not suitable for the examined systems. models and mechanisms using the conceptual categorization, their pros and cons are exposed. Apart from the mapping of the AC area in Grid and Cloud systems, the given comparison renders valuable information for further enhancement of current approaches. Moreover, we define an enhanced Role-Based Access Control (RBAC) model entitled domRBAC for collaborative systems, which is based on the ANSI INCITS 359-2004 AC model. The domRBAC is capable of differentiating the security policies that need to be enforced in each domain and to support collaboration under secure inter-operation. Cardinality constraints along with context information are incorporated to provide the ability of applying simple usage management of resources for the first time in a RBAC model. Furthermore, secure inter-operation is assured among collaborating domains during interdomain role assignments, gradually and automatically. Yet, domR-BAC, as an RBAC approach, intrinsically inherits all of its virtues such as ease of management, and Separation of Duty (SoD) with the latter also being supported in multiple domains. As a proof of concept, we implemented a simulator based on the definitions of our proposed AC model and conducted with experimental studies to demonstrate the feasibility and performance of our approach. Lastly, we provide a formal definition of secure inter-operation properties in temporal logic, which can be verified using model checking techniques. The proposed technique consists of a generic one, and thus, can be used in any RBAC model to verify indirectly the correctness of the secure inter-operation functions that implement the global security policy. As a proof of concept, we provide examples that illustrate the enforcement of the defined secure inter-operation properties, which have to be verified in RBAC policies, and a performance analysis of the proposed technique.

show abstract

A Methodology for the Development and Verification of Access Control Systems in Cloud Computing

Cited by 2 publications

References 16 publications

Formal verification of secure information flow in cloud computing

Formal verification of secure information flow in cloud computing

Access control requirements engineering, modeling and verification in multi-domain grid and cloud computing systems

Contact Info

Product

Resources

About