Skip to main content
Log in

Security policy verification for multi-domains in cloud systems

  • Published:
International Journal of Information Security Aims and scope Submit manuscript


The cloud is a modern computing paradigm with the ability to support a business model by providing multi-tenancy, scalability, elasticity, pay as you go and self-provisioning of resources by using broad network access. Yet, cloud systems are mostly bounded to single domains, and collaboration among different cloud systems is an active area of research. Over time, such collaboration schemas are becoming of vital importance since they allow companies to diversify their services on multiple cloud systems to increase both uptime and usage of services. The existence of an efficient management process for the enforcement of security policies among the participating cloud systems would facilitate the adoption of multi-domain cloud systems. An important issue in collaborative environments is secure inter-operation. Stemmed from the absence of relevant work in the area of cloud computing, we define a model checking technique that can be used as a management service/tool for the verification of multi-domain cloud policies. Our proposal is based on NIST’s (National Institute of Standards and Technology) generic model checking technique and has been enriched with RBAC reasoning. Current approaches, in Grid systems, are capable of verifying and detect only conflicts and redundancies between two policies. However, the latter cannot overcome the risk of privileged user access in multi-domain cloud systems. In this paper, we provide the formal definition of the proposed technique and security properties that have to be verified in multi-domain cloud systems. Furthermore, an evaluation of the technique through a series of performance tests is provided.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others


  1. Alcaraz Calero, J., Edwards, N., Kirschnick, J., Wilcock, L., Wray, M.: Toward a multi-tenancy authorization system for cloud services. IEEE Secur. Priv. 8(6), 48–55 (2010)

    Article  Google Scholar 

  2. Alloy. A language and tool for relational models,

  3. ANSI. ANSI INCITS 359–2004, role based access control, (2004)

  4. Armando, A., Ranise, S.: Automated symbolic analysis of arbac-policies (extended version). arXiv, preprint arXiv:1012.5590, (2010)

  5. Bacon, J., Evans, D., Eyers, D.M., Migliavacca, M., Pietzuch, P., Shand, B.: Enforcing end-to-end application security in the cloud (big ideas paper). In: Proceedings of the ACM/IFIP/USENIX 11th International Conference on Middleware, pp. 293–312. Springer, Berlin (2010)

  6. Baier, C., Katoen, J.-P.: Principles of Model Checking. The MIT Press, Cambridge (2008)

    MATH  Google Scholar 

  7. Boost. Boost c++ libraries,, 2011

  8. Bryans, J.W., Fitzgerald, J.S.: Formal Engineering of XACML Access Control Policies in VDM++. Springer, Berlin (2007)

  9. Capitani di Vimercati, S., Foresti, S., Samarati, P.: Authorization and access control. In: Petkovic, M., Jonker, W. (eds.) Security, Privacy, and Trust in Modern Data Management, Data-Centric Systems and Applications, pp. 39–53. Springer, Berlin (2007)

  10. CITRIX. Available role based access control permissions for xenserver,, (2013)

  11. Crampton, J., Loizou, G.: Administrative scope and role hierarchy operations. In: In Proceedings of Seventh ACM Symposium on Access Control Models and Technologies (SACMAT 2002), pp. 145–154, (2002)

  12. Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-Based Access Control. Artech House, Inc., (2003)

  13. Fisler, K., Krishnamurthi, S., Meyerovich, L.A., Tschantz, M.C.: Verification and change-impact analysis of access-control policies. In: Proceedings of the 27th International Conference on Software Engineering, ICSE ’05, pp. 196–205. ACM, New York (2005)

  14. Foster, I., Yong, Z., Raicu, I., Lu, S.: Cloud computing and grid computing 360-degree compared. In: Grid Computing Environments Workshop, 2008. GCE ’08, pp. 1–10, (2008)

  15. Gong, L., Qian, X.: Computational issues in secure interoperation, (1996)

  16. Gouglidis, A., Mavridis, I.: domRBAC: An access control model for modern collaborative systems. Comput. Secur. 31(4), 540–556 (2012)

    Article  Google Scholar 

  17. Hansen, F., Oleshchuk, V.: Conformance checking of RBAC policy and its implementation. In: Deng, R., Bao, F., Pang, H., Zhou, J. (eds.) Information Security Practice and Experience, volume 3439 of Lecture Notes in Computer Science, pp. 144–155. Springer, Berlin (2005)

  18. Hu, H., Ahn, G.: Enabling verification and conformance testing for access control model. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, SACMAT ’08, pp. 195–204. ACM, New York (2008)

  19. Hu, V.C., Kuhn, D.R., Xie, T.: Property verification for generic access control models. In: Proceedings of the 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, vol. 02, EUC ’08, pp. 243–250. IEEE Computer Society, Washington, DC (2008)

  20. Hu, V.C., Kuhn, D.R., Xie, T., Hwang, J.: Model checking for verification of mandatory access control models and properties. Int. J. Softw. Eng. Knowl. Eng. 21(1), 103–127 (2011)

    Article  Google Scholar 

  21. Hughes, G., Bultan, T.: Automated verification of access control policies using a SAT solver. Int. J. Softw. Tools Technol. Transf. 10(6), 503–520 (2008)

    Article  Google Scholar 

  22. Hwang, J., Xie, T., Hu, V., Altunay, M.: ACPT: a tool for modeling and verifying access control policies. In: Proceedings of the 2010 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY ’10, pp. 40–43. IEEE Computer Society, Washington, DC (2010)

  23. Jayaraman, K., Ganesh, V., Tripunitara, M., Rinard, M., Chapin, S.: Automatic error finding in access-control policies. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS ’11, pp. 163–174. ACM, New York (2011)

  24. JeeHyun, H., Mine, A., Tao, X., Vincent, H.. Model Checking Grid Policies.

  25. Jha, S., Li, N., Tripunitara, M., Wang, Q., Winsborough, W.: Towards formal verification of role-based access control policies. IEEE Trans. Dependable Secur. Comput. 5, 242–255 (2008)

    Article  Google Scholar 

  26. Krapivsky, P., Redner, S.: Network growth by copying. Phys. Rev. E 71(3), 036118 (2005)

    Article  MathSciNet  Google Scholar 

  27. Kuhn, D.R., Kacker, D.R.: Automated combinatorial test methods—beyond pairwise testing (2010)

  28. Lamport, L.: Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers, 1st edn. Addison-Wesley Professional, Reading (2002)

    Google Scholar 

  29. Li, W., Wan, H., Ren, X., Li. S.: A refined rbac model for cloud computing. In: Computer and Information Science (ICIS), 2012 IEEE/ACIS 11th International Conference on, pp. 43–48, (2012)

  30. Li, N., Byun, J.-W., Bertino, E.: A critique of the ANSI standard on role-based access control. IEEE Secur. Priv. 5(6), 41–49 (2007)

    Article  Google Scholar 

  31. Mather, T., Kumaraswamy, S., Latif, S.: Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. Oreilly & Associates Inc, (2009)

  32. Microsoft. Windows azure security guidance,, (2013)

  33. Migliavacca, M., Papagiannis, I., Eyers, D.M., Shand, B., Bacon, J., Pietzuch, P.: Distributed middleware enforcement of event flow security policy. In: Middleware 2010, pp. 334–354. Springer, Berlin (2010)

  34. NASA. Nebula’s implementation of role based access control (RBAC),, (2010)

  35. NetworkX. Networkx,, (2012)

  36. NIST. Combinatorial and Pairwise Testing,, (2012)

  37. NIST. Role based access control (RBAC) and role based security,

  38. NuSMV. A New Symbolic Model Checker,

  39. Nuutila, E.: Efficient transitive closure computation in large digraphs. PhD thesis, Acta Polytechnica Scandinavica. Helsinki University of Technology, (1995)

  40. Oh, S., Sandhu, R.: A model for role administration using organization structure, (2002)

  41. OpenStack. Managing compute users,, (2013)

  42. OpenStack. Users and projects, (2013)

  43. Peter, M., Timothy, G.: The NIST definition of cloud computing, September (2011)

  44. Power, D., Slaymaker, M., Simpson, A.: Conformance checking of dynamic access control policies. In: Formal Methods and Software Engineering, pp. 227–242. Springer, Berlin (2011)

  45. Purdom, P.: A transitive closure algorithm. BIT Numer. Math. 10, 76–94 (1970). doi:10.1007/BF01940892

    Article  MATH  Google Scholar 

  46. Sandhu, R.S., Samarati, P.: Access control: principles and practice. IEEE Commun. Mag. 32, 40–48 (1994)

    Article  Google Scholar 

  47. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Comput. 29(2), 38–47 (1996)

    Article  Google Scholar 

  48. Sandhu, R., Bhamidipati, V., Munawer, Q.: The arbac97 model for role-based administration of roles. ACM Trans. Inf. Syst. Secur. 2(1), 105–135 (1999)

    Article  Google Scholar 

  49. SAnToS Laboratory. Spec patterns, response property pattern,, (2012)

  50. Schaad, A., Moffett, J., Jacob, J.: The role-based access control system of a european bank: a case study and discussion. In: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, pp. 3–9. ACM (2001)

  51. Shafiq, B., Joshi, J.B.D., Bertino, E., Ghafoor, A.: Secure interoperation in a multidomain environment employing RBAC policies. IEEE Trans. Knowl. Data Eng. 17(11), 1557 (2005)

    Google Scholar 

  52. SPIN. The SPIN model checker,

  53. Takabi, H., Joshi, J.B., Ahn, G.-J.: Security and privacy challenges in cloud computing environments. IEEE Secur. & Priv. 8(6), 24–31 (2010)

    Article  Google Scholar 

  54. Tang, Z., Wei, J., Sallam, A., Li, K., Li, R.: A new rbac based access control model for cloud computing. In: Li, R., Cao, J., Bourgeois, J. (eds.) Advances in Grid and Pervasive Computing, volume 7296 of Lecture Notes in Computer Science, pp. 279–288. Springer, Berlin (2012)

Download references


This work has been (partially) funded by the Research Committee of the University of Macedonia, Greece.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Antonios Gouglidis.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Gouglidis, A., Mavridis, I. & Hu, V.C. Security policy verification for multi-domains in cloud systems. Int. J. Inf. Secur. 13, 97–111 (2014).

Download citation

  • Published:

  • Issue Date:

  • DOI: