Abstract
The cloud is a modern computing paradigm that supports a business model built on multi-tenancy, scalability, elasticity, pay-as-you-go pricing and self-provisioning of resources over broad network access. Yet cloud systems are mostly bounded to single domains, and collaboration among different cloud systems is an active area of research. Such collaboration schemes are becoming increasingly important, since they allow companies to spread their services across multiple cloud systems to increase both uptime and service usage. An efficient management process for enforcing security policies among the participating cloud systems would facilitate the adoption of multi-domain cloud systems. An important issue in collaborative environments is secure inter-operation. Motivated by the absence of relevant work in the area of cloud computing, we define a model checking technique that can be used as a management service/tool for the verification of multi-domain cloud policies. Our proposal is based on the generic model checking technique of NIST (National Institute of Standards and Technology) and has been enriched with RBAC reasoning. Current approaches, in Grid systems, are capable of verifying and detecting only conflicts and redundancies between two policies; they cannot address the risk of privileged user access in multi-domain cloud systems. In this paper, we provide the formal definition of the proposed technique and of the security properties that have to be verified in multi-domain cloud systems. Furthermore, we evaluate the technique through a series of performance tests.
Acknowledgments
This work has been (partially) funded by the Research Committee of the University of Macedonia, Greece.
Cite this article
Gouglidis, A., Mavridis, I. & Hu, V.C. Security policy verification for multi-domains in cloud systems. Int. J. Inf. Secur. 13, 97–111 (2014). https://doi.org/10.1007/s10207-013-0205-x
DOI: https://doi.org/10.1007/s10207-013-0205-x