A secure, constraint-aware role-based access control interoperation framework

Baracaldo, Nathalie; Masoumzadeh, Amirreza; Joshi, James

doi:10.1109/icnss.2011.6060001

Cited by 11 publications

(14 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the other hand, the user owner needs to monitor or constrain the roles assigned to its users in other domains in order to prevent violations of security in multi-domain interoperation [7,18]. In this setting, the collaborating domains should both have control over the cross-domain access instead of only one of them.…”

Section: Background and Motivationmentioning

confidence: 99%

Extending OpenStack Access Control with Domain Trust

Tang

Sandhu

2014

Network and System Security

View full text Add to dashboard Cite

Abstract. OpenStack has been rapidly established as the most popular open-source platform for cloud Infrastrusture-as-a-Service in this fast moving industry. In response to increasing access control requirements from its users, the OpenStack identity service Keystone has introduced several entities, such as domains and projects in addition to roles, resulting in a rather complex and somewhat obscure authorization model. In this paper, we present a formalized description of the core OpenStack access control (OSAC). We further propose a domain trust extension for OSAC to facilitate secure cross-domain authorization. We have implemented a proof-of-concept prototype of this trust extension based on Keystone. The authorization delay introduced by the domain trusts is 0.7 percent on average in our experiments.

show abstract

Section: Background and Motivationmentioning

confidence: 99%

Extending OpenStack Access Control with Domain Trust

Tang

Sandhu

2014

Network and System Security

View full text Add to dashboard Cite

show abstract

“…Also, the conflict duties may be associated with different cloud services. In this case, the constraint policy composition process can become very complicated . Thus, the CSP should be responsible to identify potential conflict roles.…”

Section: Mtas Modelsmentioning

confidence: 99%

“…Addressing multi‐domain secure interoperation, the role mapping approaches allow external users in trusted domains to acquire privileges in a local domain through role hierarchy relations. These approaches focus on extending RBAC models and enabling interoperation by mapping roles between domains.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Multi‐tenancy authorization models for collaborative cloud services

Tang

Sandhu

2014

Concurrency and Computation

View full text Add to dashboard Cite

Summary The cloud service model intrinsically caters to multiple tenants, most obviously not only in public clouds but also in private clouds for large organizations. Currently, most cloud service providers isolate user activities and data within a single tenant boundary with no or minimum cross‐tenant interaction. It is anticipated that this situation will evolve soon to foster cross‐tenant collaboration supported by Authorization as a Service. At present, there is no widely accepted model for cross‐tenant authorization. Recently, Calero et al. informally presented a multi‐tenancy authorization system (MTAS), which extends the well‐known role‐based access control model by building trust relations among collaborating tenants. In this paper, we formalize this MTAS model and propose extensions for finer‐grained cross‐tenant trust. We also develop an administration model for MTAS. We demonstrate the utility and practical feasibility of MTAS by means of an example policy specification in extensible access control markup language. To further test the metrics of the model, we develop a prototype system and conduct experiments on it. The result shows that the prototype has 12‐ms policy decision overhead on average and is scalable. We anticipate that researchers will develop additional multi‐tenant authorization models before eventual consolidation and convergence to standard industry practice. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

“…There is an integer programming based approach to resolve the conflicts in the principles of secure inter operation of RBAC models introduced by Shafiq et al [17]. Nathalie et al [18] has proposed a role based framework to enable secure inter operation among multiple domains with temporal and separation of duty constraints. A formal security policy model for multi-domain mobile network has been proposed by Unal et al [4] deals with location and mobility constraints , role hierarchy mapping , inter domain access right , inter domain services and separation of duty.…”

Section: Introductionmentioning

confidence: 99%

Representation of multiple domain role based access control using FCA

Mouliswaran

Cherukuri

Chandrasekar

2015

2015 IEEE International Conference on Electrical, Computer and Communication Technologies (ICECCT)

View full text Add to dashboard Cite

There are various security policy models available to deal with the challenges in multiple domain networks. Applying role based access control (RBAC) is one the widely accepted and currently deployed access control model in multiple domain environments to support mobility constraints of users between domains, inter domain services and its access rights. The objective of this paper is representing various access permissions of multiple domain role based access control model using formal concept analysis (FCA) which is one of the widely used mathematical frameworks for knowledge representation and conceptual analysis. To succeed this objective, we deduce a dyadic formal context from the quadratic security context of inter domain role based access control model. We present the implementation of inter domain role based access control security policy with service access matrix and permission assignment relation. The analysis proves that it is possible to simplify the complex quadratic inter domain security context into simple dyadic context and apply it in the multiple domain networks.

show abstract

A secure, constraint-aware role-based access control interoperation framework

Cited by 11 publications

References 24 publications

Extending OpenStack Access Control with Domain Trust

Extending OpenStack Access Control with Domain Trust

Multi‐tenancy authorization models for collaborative cloud services

Representation of multiple domain role based access control using FCA

Contact Info

Product

Resources

About