Abstract
With the development of cloud computing, the mutual understandability among distributed Access Control Policies (ACPs) has become an important issue in the security field of cloud computing. Semantic Web technology provides a solution to the semantic interoperability of heterogeneous applications. In this paper, we analyze existing access control methods and present a new Semantic Access Control Policy Language (SACPL) for describing ACPs in a cloud computing environment. The Access Control Oriented Ontology System (ACOOS) is designed as the semantic basis of SACPL. The ontology-based SACPL language can effectively solve the interoperability issue of distributed ACPs. This study enriches research on applying Semantic Web technology in the field of security, and provides a new way of thinking about access control in cloud computing.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hu, L., Ying, S., Jia, X., Zhao, K. (2009). Towards an Approach of Semantic Access Control for Cloud Computing. In: Jaatun, M.G., Zhao, G., Rong, C. (eds) Cloud Computing. CloudCom 2009. Lecture Notes in Computer Science, vol 5931. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10665-1_13
DOI: https://doi.org/10.1007/978-3-642-10665-1_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10664-4
Online ISBN: 978-3-642-10665-1
eBook Packages: Computer Science, Computer Science (R0)