PaaSword - Context-aware access control
Context
“Any information that can be used to characterize the situation of an entity (person, place, or object) that is considered relevant to the interaction between a user and an application, including the user and applications themselves” (Abowd, et al., 1999; Dey, 2001)
PaaSword 18/11/2016
Challenges
Access control models & Context
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Attribute Based Access Control (ABAC)
ABAC provides the appropriate flexibility that is highly desired in the heterogeneous cloud computing domain
Context is of utmost importance in the inherently heterogeneous and dynamic cloud environments
Context-aware Security Model
A model for semantically describing the knowledge that lurks behind security policies
This model constitutes the background knowledge for code annotations
It comprises two dimensions, related to:
dynamic security controls
static security controls
Inferencing based on Property Transitivity
Rule
If (Subject isLocatedIn SouthEurope)
Then Permit Access…
Facts
RequestorX isA Subject
RequestorX isLocatedIn Athens
Athens isLocatedIn Greece
Greece isLocatedIn SouthEurope
Inferred Facts
Athens isLocatedIn SouthEurope
RequestorX isLocatedIn Greece
RequestorX isLocatedIn SouthEurope
Decision
Access Request Permitted
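The inference chain above, as an added Python example that is not part of the original slides: it closes the isLocatedIn facts under transitivity and then evaluates the slide's rule. RequestorY, the function names, and the fall-back to Deny are assumptions made for illustration.

```python
# Added example: transitive isLocatedIn inference feeding an access decision.
from collections import defaultdict

# Facts from the slides, plus RequestorY (constructed for the negative case).
FACTS = [
    ("RequestorX", "isA", "Subject"),
    ("RequestorX", "isLocatedIn", "Athens"),
    ("Athens", "isLocatedIn", "Greece"),
    ("Greece", "isLocatedIn", "SouthEurope"),
    ("RequestorY", "isA", "Subject"),            # constructed
    ("RequestorY", "isLocatedIn", "Amsterdam"),  # constructed
    ("Amsterdam", "isLocatedIn", "Netherlands"),
    ("Netherlands", "isLocatedIn", "NorthEurope"),
]

TRANSITIVE = {"isLocatedIn"}  # properties treated as transitive


def infer(facts):
    """Return the facts plus everything implied by transitive properties."""
    closed = set(facts)
    for prop in TRANSITIVE:
        edges = defaultdict(set)
        for s, p, o in facts:
            if p == prop:
                edges[s].add(o)
        for start in list(edges):
            seen, stack = set(), list(edges[start])
            while stack:  # iterative DFS; 'seen' stops cyclic facts looping
                node = stack.pop()
                if node in seen:
                    continue
                seen.add(node)
                stack.extend(edges.get(node, ()))
            closed.update((start, prop, o) for o in seen)
    return closed


def decide(requestor, facts):
    """Slide rule: Subject isLocatedIn SouthEurope -> Permit.
    Deny as the fall-back is an assumption; the slide shows only the permit rule."""
    kb = infer(facts)
    if (requestor, "isA", "Subject") in kb and \
       (requestor, "isLocatedIn", "SouthEurope") in kb:
        return "Permit"
    return "Deny"
```

The policy never names Athens or Greece; the permit for RequestorX exists only because of the inferred facts, so the correctness of the location hierarchy is part of the policy's trust base.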
[Figure: location ontology diagram. Nodes: PhysicalLocation; Area (isLocatedIn: Area); City (isLocatedIn: Area); North Europe; Central Europe; South Europe; Netherlands (isLocatedIn: North Europe); Greece (isLocatedIn: South Europe); Amsterdam (isLocatedIn: Netherlands); Athens (isLocatedIn: Greece); Subject (isLocatedIn: PhysicalLocation). Edge types: <<Instanceof>>, <<subclassof>>, <<isLocatedIn>>.]