A framework and risk assessment approaches for risk-based access control in the cloud

Artigo Revisado por pares

A framework and risk assessment approaches for risk-based access control in the cloud

2016; Elsevier BV; Volume: 74; Linguagem: Inglês

10.1016/j.jnca.2016.08.013

ISSN

1095-8592

Autores

Daniel Ricardo dos Santos, Roberto Marinho, Gustavo Roecker Schmitt, Carla Merkle Westphall, Carlos Becker Westphall,

Tópico(s)

Service-Oriented Architecture and Web Services

Resumo

Cloud computing is advantageous for customers and service providers. However, it has specific security requirements that are not captured by traditional access control models, e.g., secure information sharing in dynamic and collaborative environments. Risk-based access control models try to overcome these limitations, but while there are well-known enforcement mechanisms for traditional access control, this is not the case for risk-based policies. In this paper, we motivate the use of risk-based access control in the cloud and present a framework for enforcing risk-based policies that is based on an extension of XACML. We also instantiate this framework using a new ontology-based risk assessment approach, as well as other models from related work, and present experimental results of the implementation of our work.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

A framework and risk assessment approaches for risk-based access control in the cloud