Skip to main content

A Methodology for the Development and Verification of Access Control Systems in Cloud Computing

  • Conference paper
  • 1478 Accesses

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT,volume 399)

Abstract

Cloud computing is an emergent technology that has generated significant interest in the marketplace and is forecasted for high growth. Moreover, Cloud computing has a great impact on different type of users from individual consumers and businesses to small and medium size (SMBs) and enterprise businesses. Although there are many benefits to adopting Cloud computing, there are significant barriers to adoption, viz. security and privacy. In this paper, we focus on carefully planning security aspects regarding access control of Cloud computing solutions before implementing them and, furthermore, on ensuring they satisfy particular organizational security requirements. Specifically, we propose a methodology for the development of access control systems. The methodology is capable of utilizing existing security requirements engineering approaches for the definition and evaluation of access control models, and verification of access control systems against organizational security requirements using techniques that are based on formal methods. A proof of concept example is provided that demonstrates the application of the proposed methodology on Cloud computing systems.

Keywords

  • Security
  • Inter-organizational systems
  • Cloud business
  • Verification

References

  1. Mahowald, R.P., Sullivan, C.G., Konary, A.: Market Analysis Perspective: Worldwide SaaS and Cloud Services, 2012 — New Models for Delivering Software (2012), http://www.idc.com/getdoc.jsp?containerId=238635#.UM4QauTqmuM

  2. Media, M.R. Global Cloud Computing Market Forecast 2015-2020 (2012), http://www.marketresearchmedia.com/?p=839

  3. Gouglidis, A., Mavridis, I.: On the definition of access control requirements for grid and cloud computing systems. In: Doulamis, A., Mambretti, J., Tomkos, I., Varvarigou, T. (eds.) GridNets 2009. LNICST, vol. 25, pp. 19–26. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  4. Hansen, F., Oleshchuk, V.A.: Conformance checking of RBAC policy and its implementation. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol. 3439, pp. 144–155. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

  5. Jayaraman, K., et al.: Automatic error finding in access-control policies. In: Proceedings of the 18th ACM Conference on Computer and Communications Security. ACM (2011)

    Google Scholar 

  6. Vincent, C., et al.: Model checking for verification of mandatory access control models and properties. International Journal of Software Engineering and Knowledge Engineering 21(01), 103–127 (2011)

    Google Scholar 

  7. Fisler, K., et al.: Verification and change-impact analysis of access-control policies. In: Proceedings of the 27th International Conference on Software Engineering. ACM (2005)

    Google Scholar 

  8. Capitani di Vimercati, S., Foresti, S., Samarati, P.: Authorization and Access Control. In: Petković, M., Jonker, W. (eds.) Security, Privacy, and Trust in Modern Data Management, pp. 39–53. Springer, Heidelberg (2007)

    CrossRef  Google Scholar 

  9. Sandhu, R.S., Samarati, P.: Access Control: Principles and Practice. IEEE Communications Magazine 32(9), 40–49 (1994)

    CrossRef  Google Scholar 

  10. Foster, I., et al.: Cloud computing and grid computing 360-degree compared. In: Grid Computing Environments Workshop, GCE 2008. IEEE (2008)

    Google Scholar 

  11. Mather, T., Kumaraswamy, S., Latif, S.: Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. O’Reilly Media, Inc. 292 (2009)

    Google Scholar 

  12. Mell, P., Grance, T.: The NIST definition of cloud computing (draft), vol. 800, p. 145. NIST Special Publication (2011)

    Google Scholar 

  13. Sommerville, I., Kotonya, G.: Requirements engineering: processes and techniques. John Wiley & Sons, Inc. (1998)

    Google Scholar 

  14. Baier, C., Katoen, J.P.: Principles of model checking, vol. 26202649. MIT Press (2008)

    Google Scholar 

  15. Heljanko, K.: Model Checking based Software Verification (2006), http://iplu.vtt.fi/digitalo/modelchecking.pdf

  16. Girard, A., Pappas, G.: Verification using simulation. Hybrid Systems: Computation and Control, 272–286 (2006)

    Google Scholar 

  17. Stevens, R.: Systems engineering: coping with complexity. Pearson Education (1998)

    Google Scholar 

  18. Gouglidis, A., Mavridis, I.: domRBAC: An access control model for modern collaborative systems. Computers & Security (2012)

    Google Scholar 

  19. Tolone, W., et al.: Access control in collaborative systems. ACM Computing Surveys (CSUR) 37(1), 29–41 (2005)

    CrossRef  Google Scholar 

  20. Gong, L., Qian, X.: Computational issues in secure interoperation. IEEE Transactions on Software Engineering 22(1), 43–52 (1996)

    CrossRef  Google Scholar 

  21. Hu, V.C., Kuhn, D.R., Xie, T.: Property verification for generic access control models. In: IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2008. IEEE (2008)

    Google Scholar 

  22. Kuhn, R., Lei, Y., Kacker, R.: Practical combinatorial testing: Beyond pairwise. IT Professional 10(3), 19–23 (2008)

    CrossRef  Google Scholar 

  23. Hwang, J.H., et al.: ACPT: A tool for modeling and verifying access control policies. In: 2010 IEEE International Symposium on Policies for Distributed Systems and Networks (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2013 International Federation for Information Processing

About this paper

Cite this paper

Gouglidis, A., Mavridis, I. (2013). A Methodology for the Development and Verification of Access Control Systems in Cloud Computing. In: Douligeris, C., Polemi, N., Karantjias, A., Lamersdorf, W. (eds) Collaborative, Trusted and Privacy-Aware e/m-Services. I3E 2013. IFIP Advances in Information and Communication Technology, vol 399. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37437-1_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-37437-1_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37436-4

  • Online ISBN: 978-3-642-37437-1

  • eBook Packages: Computer ScienceComputer Science (R0)