Towards an Approach of Semantic Access Control for Cloud Computing

  • Conference paper
Cloud Computing (CloudCom 2009)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 5931)

Abstract

With the development of cloud computing, mutual understandability among distributed Access Control Policies (ACPs) has become an important issue in cloud computing security. Semantic Web technology provides a solution to the semantic interoperability of heterogeneous applications. In this paper, we analyze existing access control methods and present a new Semantic Access Control Policy Language (SACPL) for describing ACPs in cloud computing environments. The Access Control Oriented Ontology System (ACOOS) is designed as the semantic basis of SACPL. The ontology-based SACPL language can effectively solve the interoperability issue of distributed ACPs. This study enriches research on applying Semantic Web technology in the security field and provides a new way of thinking about access control in cloud computing.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hu, L., Ying, S., Jia, X., Zhao, K. (2009). Towards an Approach of Semantic Access Control for Cloud Computing. In: Jaatun, M.G., Zhao, G., Rong, C. (eds) Cloud Computing. CloudCom 2009. Lecture Notes in Computer Science, vol 5931. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10665-1_13

  • DOI: https://doi.org/10.1007/978-3-642-10665-1_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10664-4

  • Online ISBN: 978-3-642-10665-1

  • eBook Packages: Computer Science, Computer Science (R0)
