Semantically Rich, Context-Aware, Attribute based Access Control Model for Cloud Systems

Date

2018-01-01

Department

Computer Science and Electrical Engineering

Program

Computer Science

Rights

Distribution Rights granted to UMBC by the author.
Access limited to the UMBC community. Item may possibly be obtained via Interlibrary Loan through a local library, pending author/copyright holder's permission.
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.

Abstract

Resource access control is an important research topic in cloud systems security. Much of the work has focused on context-sensitive access control and rule representation. In an open source cloud computing platform such as OpenStack, operators use the Role-Based Access Control (RBAC) model to grant users access to cloud resources. However, this user-level role-based access control technique fails to include a comprehensive user context. A situation-aware framework will provide hardened access security by bringing the user's context into such cloud systems. In this work, we propose a semantically rich, context-sensitive access control system for OpenStack that incorporates the user's current context attributes, such as location and time. We integrate our own knowledge-graph-dependent, attribute-based policy system with the OpenStack policy engine to demonstrate our approach. In a proof-of-concept implementation, we integrate a knowledge graph with our own access control system to express and enforce contextual-situation policies in OpenStack, while keeping OpenStack's current RBAC architecture in place. The proposed system provides enhanced, flexible access control while minimizing the overhead of altering the existing access control framework. We present use cases to highlight the benefits of our system and show enforcement results. The study also investigates the flexibility of integrating different policy frameworks in OpenStack in order to enhance access control.