The Internet infrastructure is evolving through approaches such as cloud computing. Interest in cloud computing is growing with the rise of services and applications, particularly in the business community. To deliver services securely, cloud computing providers face several security issues, including controlling access to services and ensuring privacy. Most access control approaches tend toward centralizing policy administration and decision-making by introducing a central mediating third party. However, with the growth of the Internet and the increasing number of cloud computing providers, a centralized administration can no longer be sustained. In this paper, we present a new collaborative access control infrastructure for a distributed cloud computing environment, supporting collaborative delegations across multiple domains in order to authorize users to access services at a visited domain that has no direct cooperative relationship with the user's home domain. For this purpose, we propose an extension of the XACML (eXtensible Access Control Markup Language) model with a new entity called the Delegation Validation Point (DVP) to support multi-domain delegation in a distributed environment. We describe the extended model and the functionalities of the new component. In addition, we define new XACML messages for acquiring delegation across domains. For exchanging delegation between domains we use SAML (Security Assertion Markup Language) and the Diameter protocol. Two Diameter applications are defined: one for securely transporting multiple delegation requests and answers, and one for building a trusted path of cooperation to acquire the chain of delegations. We detail the implemented prototype and evaluate its performance within a testbed of up to 20 domains.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Souheil BEN AYED, Fumio TERAOKA, "Collaborative Access Control for Multi-Domain Cloud Computing" in IEICE TRANSACTIONS on Information,
vol. E95-D, no. 10, pp. 2401-2414, October 2012, doi: 10.1587/transinf.E95.D.2401.
URL: https://globals.ieice.org/en_transactions/information/10.1587/transinf.E95.D.2401/_p
@ARTICLE{e95-d_10_2401,
author={Souheil BEN AYED and Fumio TERAOKA},
journal={IEICE TRANSACTIONS on Information},
title={Collaborative Access Control for Multi-Domain Cloud Computing},
year={2012},
volume={E95-D},
number={10},
pages={2401-2414},
keywords={},
doi={10.1587/transinf.E95.D.2401},
ISSN={1745-1361},
month={October},
}
TY - JOUR
TI - Collaborative Access Control for Multi-Domain Cloud Computing
T2 - IEICE TRANSACTIONS on Information
SP - 2401
EP - 2414
AU - Souheil BEN AYED
AU - Fumio TERAOKA
PY - 2012
DO - 10.1587/transinf.E95.D.2401
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E95-D
IS - 10
JA - IEICE TRANSACTIONS on Information
Y1 - October 2012
ER -