Browsing by Subject "Access Control"
Now showing 1 - 3 of 3
Semantically Rich, Context Aware Access Control for Openstack (IEEE, 2018-09-01) Rathode, Vishal; Narayanan, Sandeep Nair; Mittal, Sudip; Joshi, Anupam

In an open source cloud computing platform such as OpenStack, operators use Role-Based Access Control (RBAC) model to grant access to cloud resources. However, these user-level role-based access control techniques fail to include comprehensive user context. We believe a situational aware framework will improve security by bringing in user's context to such cloud systems. In this paper, we create a semantically rich context-sensitive access control system for OpenStack by incorporating the user's current context attributes like location, time, etc. In a proof-of-concept implementation, we integrate a knowledge graph with our own access control system to express and enforce the contextual-situation policies in OpenStack. The proposed system provides enhanced, flexible access control while minimizing the overhead of altering the existing access control framework. We also discuss various use cases, to highlight the benefits of our system and show enforcement results.

Semantically Rich, Context-Aware, Attribute based Access Control Model for Cloud Systems (2018-01-01) Rathod, Vishal; Joshi, Anupam; Computer Science and Electrical Engineering; Computer Science

Resource access control is an important research topic in cloud systems security. Much of the work has been focused on context-sensitive access control and rule representation. In an open source cloud computing platform such as OpenStack, operators use Role-Based Access Control (RBAC) model to grant user-access to cloud resources. However, these user level role-based access control techniques fail to include a comprehensive user context. A situational aware framework will provide hardened access security by bringing in user's context in such cloud systems.

In this work, we propose a semantically rich context-sensitive access control system for OpenStack by incorporating the user's current context attributes like location, time, etc. We integrate our own knowledge graph dependent attribute-based policy system with OpenStack policy engine to demonstrate our approach. In a proof-of-concept implementation, we integrate a knowledge graph with our own access control system to express and enforce the contextual-situation policies in OpenStack, while keeping OpenStack's current RBAC architecture in place. The proposed system provides enhanced, flexible access control while minimizing the overhead of altering the existing access control framework. We present use cases to highlight the benefits of our system and show enforcement results. The study also investigates the flexibility of integrating different policy frameworks in OpenStack in order to enhance the access control.

Semantically Rich, Oblivious Access Control Using ABAC for Secure Cloud Storage (IEEE, 2017-09-11) Joshi, Maithilee P.; Mittal, Sudip; Joshi, Karuna Pande; Finin, Tim

Securing their critical documents on the cloud from data threats is a major challenge faced by organizations today. Controlling and limiting access to such documents requires a robust and trustworthy access control mechanism. In this paper, we propose a semantically rich access control system that employs an access broker module to evaluate access decisions based on rules generated using the organization's confidentiality policies. The proposed system analyzes the multi-valued attributes of the user making the request and the requested document that is stored on a cloud service platform, before making an access decision. Furthermore, our system guarantees an end-to-end oblivious data transaction between the organization and the cloud service provider using oblivious storage techniques. Thus, an organization can use our system to secure their documents as well as obscure their access pattern details from an untrusted cloud service provider.