ABAC Based Online Collaborations in the Cloud

Emerging Technologies for Developing Countries (AFRICATEK 2017)

Abstract

Nowadays, sharing data among organizations plays an important role in their collaboration. During a collaboration, the organizations need to access shared information while respecting the access control constraints. In addition, most organizations rely on cloud-based solutions (e.g. OpenStack) to store their data. On such platforms, data access is regulated by Access Control Lists (ACLs). An ACL defines static access rules and assumes knowledge of the whole set of users and possible access requests. This makes ACLs unusable in a collaborative context, because collaborative sessions are dynamic. In this paper, we consider ABAC, a flexible and fine-grained model, as an access control model for cloud-based collaborations to overcome the ACL limitations. We provide an architecture that integrates ABAC at the storage level of a cloud platform.
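The contrast the abstract draws, as an added Python illustration (not the paper's architecture or code): a static ACL cannot authorize a user who joins a collaborative session after the rule was written, while an attribute-based decision follows the session's current state. All names, attributes and the policy conditions (`Session`, `clearance`, `sensitivity`, `shared_actions`) are assumptions made for this example, and the data is constructed.

```python
from dataclasses import dataclass, field

# Static ACL (constructed): container -> users known when the rule was written.
ACL = {"reports": {"alice", "bob"}}

def acl_allows(user: str, container: str) -> bool:
    """Static check: only users listed in advance are permitted."""
    return user in ACL.get(container, set())

@dataclass
class Session:
    """Hypothetical collaborative session whose membership changes at run time."""
    session_id: str
    orgs: set                                   # organizations taking part
    members: set = field(default_factory=set)   # users currently joined
    active: bool = True

def abac_allows(subject: dict, obj: dict, action: str, session: Session) -> bool:
    """Permit only if every attribute condition holds; anything else is denied."""
    return (
        session.active
        and subject["name"] in session.members
        and subject["org"] in session.orgs
        and obj["session"] == session.session_id
        and action in obj["shared_actions"]
        and subject["clearance"] >= obj["sensitivity"]
    )

def demo() -> dict:
    session = Session("s-42", orgs={"org-a", "org-b"})
    report = {"container": "reports", "session": "s-42",
              "shared_actions": {"read"}, "sensitivity": 2}
    carol = {"name": "carol", "org": "org-b", "clearance": 2}
    session.members.add("carol")        # carol joins after the ACL was written
    results = {
        "acl_read": acl_allows("carol", "reports"),
        "abac_read": abac_allows(carol, report, "read", session),
        "abac_write": abac_allows(carol, report, "write", session),
    }
    session.active = False              # session ends: access ends with it
    results["abac_after_close"] = abac_allows(carol, report, "read", session)
    return results

if __name__ == "__main__":
    print(demo())
```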

Corresponding author

Correspondence to Mohamed Amine Madani.

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Madani, M.A., Erradi, M., Benkaouz, Y. (2018). ABAC Based Online Collaborations in the Cloud. In: Belqasmi, F., Harroud, H., Agueh, M., Dssouli, R., Kamoun, F. (eds) Emerging Technologies for Developing Countries. AFRICATEK 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 206. Springer, Cham. https://doi.org/10.1007/978-3-319-67837-5_7

  • DOI: https://doi.org/10.1007/978-3-319-67837-5_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-67836-8

  • Online ISBN: 978-3-319-67837-5

  • eBook Packages: Computer Science (R0)
