An ABAC Based Policy Definement for Enriching Access Control in Cloud

Author(s):  
Yagnik A. Rathod ◽  
Chetan B. Kotwal ◽  
Sohil D. Pandya

Cloud computing becomes the most preferable solution for satisfying the various requirements of organizations and institutions. Different types of clouds like IaaS, PaaS and SaaS make the cloud capable of fulfilling the client's different kinds of needs, like computer processing power, storage space, databases, software, applications and web-based solutions. Cloud computing can also be useful and worthy in providing certain customized solutions to enhance the capability of legacy systems in terms of effectiveness, reliability and optimization by replication of the environment up to a satisfactory extent. Providing adequate security solutions for the cloud is still a challenging task, and the access control mechanism is one of the domains that demand significant attention on the mission towards securing clouds. In this paper, our work primarily focuses on defining ABAC components, mapping functions and access control policies composed of access rules. Amazon Web Services is one of the most prominent cloud providers. Identity and Access Management (IAM) and Amazon S3 are the access management and storage facilities of AWS respectively. ABAC-based access policies are attached to the user and storage components for authorization.

2013 ◽  
pp. 814-834
Author(s):  
Hassan Takabi ◽  
James B.D. Joshi

Cloud computing paradigm is still an evolving paradigm but has recently gained tremendous momentum due to its potential for significant cost reduction and increased operating efficiencies in computing. However, its unique aspects exacerbate security and privacy challenges that pose as the key roadblock to its fast adoption. Cloud computing has already become very popular, and practitioners need to provide security mechanisms to ensure its secure adoption. In this chapter, the authors discuss access control systems and policy management in cloud computing environments. The cloud computing environments may not allow use of a single access control system, single policy language, or single management tool for the various cloud services that it offers. Currently, users must use diverse access control solutions available for each cloud service provider to secure data. Access control policies may be composed in incompatible ways because of diverse policy languages that are maintained separately at every cloud provider. Heterogeneity and distribution of these policies pose problems in managing access policy rules for a cloud environment. In this chapter, the authors discuss challenges of policy management and introduce a cloud based policy management framework that is designed to give users a unified control point for managing access policies to control access to their resources no matter where they are stored.


Author(s):  
Claudio Estevez

Cloud computing is consistently proving to be the dominant architecture of the future, and mobile technology is the catalyst. By having the processing power and storage remotely accessible, the main focus of the terminal is now related to connectivity and user-interface. The success of cloud-based applications greatly depends on the throughput experienced by the end user, which is why transport protocols play a key role in mobile cloud computing. This chapter discusses the main issues encountered in cloud networks that affect connection-oriented transport protocols. These issues include, but are not limited to, large delay connections, bandwidth variations, power consumption, and high segment loss rates. To reduce these adverse effects, a set of proposed solutions are presented; furthermore, the advantages and disadvantages are discussed. Finally, suggestions are made for future mobile cloud computing transport-layer designs that address different aspects of the network, such as transparency, congestion-intensity estimation, and quality-of-service integration.


Author(s):  
Siddhartha Duggirala

The essence of Cloud computing is moving out the processing from the local systems to remote systems. Cloud is an umbrella of physical/virtual services/resources easily accessible over the internet. With more companies adopting cloud either fully through public cloud or Hybrid model, the challenges in maintaining a cloud-capable infrastructure are also increasing. About 42% of CTOs say that security is their main concern for moving into cloud. Another problem, which is mainly a problem with infrastructure, is the connectivity issue. The datacenter could be considered as the backbone of cloud computing architecture. As the processing power and storage capabilities of the end devices like mobile phones, routers, sensor hubs improve, we can increasingly leverage these resources to improve your quality and reliability of services.


Author(s):  
Siddhartha Duggirala

The essence of cloud computing is moving out the processing from the local systems to remote systems. Cloud is an umbrella of physical/virtual services/resources easily accessible over the internet. With more companies adopting cloud either fully through public cloud or hybrid model, the challenges in maintaining a cloud-capable infrastructure are also increasing. About 42% of CTOs say that security is their main concern for moving into cloud. Another problem, which is mainly a problem with infrastructure, is the connectivity issue. The datacenter could be considered as the backbone of cloud computing architecture. Handling this new generation of requirements of volume, variety, and velocity in IoT data requires us to evaluate the tools and technologies. As the processing power and storage capabilities of the end devices like mobile phones, routers, sensor hubs improve, we can increasingly leverage these resources to improve your quality and reliability of services. Applications of fog computing are as diverse as IoT and cloud computing itself. What IoT and fog computing have in common is monitoring and analysing real-time data from network-connected things and acting on them. Machine-to-machine coordination or human-machine interaction can be a part of this action. This chapter explores fog computing and virtualization.


Fog Computing ◽  
2018 ◽  
pp. 208-219
Author(s):  
Siddhartha Duggirala

The essence of Cloud computing is moving out the processing from the local systems to remote systems. Cloud is an umbrella of physical/virtual services/resources easily accessible over the internet. With more companies adopting cloud either fully through public cloud or Hybrid model, the challenges in maintaining a cloud-capable infrastructure are also increasing. About 42% of CTOs say that security is their main concern for moving into cloud. Another problem, which is mainly a problem with infrastructure, is the connectivity issue. The datacenter could be considered as the backbone of cloud computing architecture. As the processing power and storage capabilities of the end devices like mobile phones, routers, sensor hubs improve, we can increasingly leverage these resources to improve your quality and reliability of services.


Author(s):  
Luan Ibraimi ◽  
Qiang Tang ◽  
Pieter Hartel ◽  
Willem Jonker

Commercial Web-based Personal-Health Record (PHR) systems can help patients to share their personal health records (PHRs) anytime from anywhere. PHRs are very sensitive data and an inappropriate disclosure may cause serious problems to an individual. Therefore commercial Web-based PHR systems have to ensure that the patient health data is secured using state-of-the-art mechanisms. In current commercial PHR systems, even though patients have the power to define the access control policy on who can access their data, patients have to trust entirely the access-control manager of the commercial PHR system to properly enforce these policies. Therefore patients hesitate to upload their health data to these systems as the data is processed unencrypted on untrusted platforms. Recent proposals on enforcing access control policies exploit the use of encryption techniques to enforce access control policies. In such systems, information is stored in an encrypted form by the third party and there is no need for an access control manager. This implies that data remains confidential even if the database maintained by the third party is compromised. In this paper we propose a new encryption technique called a type-and-identity-based proxy re-encryption scheme which is suitable to be used in the healthcare setting. The proposed scheme allows users (patients) to securely store their PHRs on commercial Web-based PHRs, and securely share their PHRs with other users (doctors).


2019 ◽  
Vol 214 ◽  
pp. 03026
Author(s):  
Mine Altunay ◽  
Joseph Boyd ◽  
Bruno Coimbra ◽  
Kenneth Herner ◽  
Krysia Jacobs ◽  
...  

Fermilab developed the Frontier Experiments RegistRY (FERRY) service that provides a centralized repository for access control and job management attributes such as batch and storage access policies, quotas, batch priorities and NIS attributes for cluster configuration. This paper describes the FERRY architecture, deployment and integration with services that consume the stored information. The Grid community has developed several access control management services over the last decade. Over time, services for Fermilab experiments have required the collection and management of more access control and quota attributes. At the same time, various services used for this purpose, namely VOMS-Admin, GUMS and VULCAN, are being abandoned by the community. FERRY has multiple goals: maintaining a central repository for currently scattered information related to users' attributes, providing a Restful API that allows uniform data retrieval by services, and providing a replacement service for all the abandoned grid services. FERRY is integrated with the ServiceNow (SNOW) ticketing service and uses it as its user interface. In addition to the standard workflows for request approval and task creation, SNOW invokes orchestration that automates access to FERRY API. Our expectation is that FERRY will drastically improve user experience as well as decrease effort required by service administrators.


Author(s):  
RajaniKanth Aluvalu ◽  
Vanraj Kamliya ◽  
Lakshmi Muddana

Cloud computing refers to the applications and services that run on a distributed system using virtualized resources and are accessed by common internet protocols and networking standards. Cloud computing virtualizes systems by pooling and sharing resources. Systems and resources can be monitored from central infrastructure as needed. It requires high security because nowadays companies are placing more essential and huge amounts of data on the cloud. Hence traditional access control models are not sufficient for cloud computing applications. So attribute-based encryption (ABE) has been offered for access control of subcontracted data in cloud computing with complex access control policies. Traditional HASBE provides flexibility, scalability and fine-grained access control but does not support hierarchical domain structure. In this paper, we have enhanced hierarchical attribute-set-based encryption (HASBE) access control with a hierarchical assembly of users, with a flexible domain hierarchy structure and secure key distribution with predefined policy.


2012 ◽  
Vol 3 (4) ◽  
pp. 1-26
Author(s):  
Ousmane Amadou Dia ◽  
Csilla Farkas

In collaborative environments where resources must be shared across multiple sites, the access control policies of the participants must be combined in order to define a coherent policy. The relevant challenge in composing access policies is to deal with inconsistencies or modality conflicts. This difficulty is exacerbated when the policies to compose are specified independently by different entities with no global power to decide, in case of conflicts, which entity must take precedence. This paper presents a semi-automated framework called Policy Composition and Conflict Resolution framework (P2CR) to address this issue. They focus on access control policies expressed as XACML statements. The authors propose a three-level conflict resolution strategy: i) by using metadata added to the policies, ii) by using a defeasible logic theory, and iii) by providing recommendations to the entities that own the resources. First, they provide a mechanism to add metadata to XACML. Second, they combine the access policies without prioritizing any of the entities involved in the composition. Given the context of the authors’ work, they consider this approach to be more suitable than the current approaches that are mainly negotiation-oriented or assign priorities to the policies. Finally, the resulting composite policy appears flexible and easily adjustable to runtime conflicts.



