A Distributed Authorization System with Mobile Usage Control Policies

  • Fabio Martinelli
  • Paolo Mori
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6927)

Abstract

Distributed systems, such as the Cloud, are widely used for solving large problems, because they provide big computational power at a low cost. From the security point of view, distributed systems pose new challenges, because the applications running on the components of the system could cooperate to access the system’s resources. Hence, the security support should consider all the accesses performed by the applications run by the same user on distinct nodes of a distributed system as the behaviour of that user. To address this problem, this paper proposes mobile usage control policies that, besides regulating the usage of the system resources, also define the exchange of some policy fragments among the nodes of the distributed system. In this way, the usage of resources performed on one node of the distributed system affects the right of accessing resources on other nodes of the system. A reference scenario where mobile usage control policies could be successfully adopted is the Cloud environment.

Keywords

Cloud Computing; Virtual Machine; Cloud Provider; Cloud Environment; Usage Control

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Fabio Martinelli (1)
  • Paolo Mori (1)
  1. Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy
