A framework and risk assessment approaches for risk-based access control in the cloud

详细信息    查看全文

• 作者：Daniel Ricardo dos Santos ; ^{danielrs@inf.ufsc.br" class="auth_mail" title="E-mail the corresponding author} ; Roberto Marinho ; Gustavo Roecker Schmitt ; Carla Merkle Westphall ; Carlos Becker Westphall
• 关键词：Access control ; Cloud computing ; Risk
• 刊名：Journal of Network and Computer Applications
• 出版年：2016
• 出版时间：October 2016
• 年：2016
• 卷：74
• 期：Complete
• 页码：86-97
• 全文大小：1913 K

文摘

Cloud computing is advantageous for customers and service providers. However, it has specific security requirements that are not captured by traditional access control models, e.g., secure information sharing in dynamic and collaborative environments. Risk-based access control models try to overcome these limitations, but while there are well-known enforcement mechanisms for traditional access control, this is not the case for risk-based policies. In this paper, we motivate the use of risk-based access control in the cloud and present a framework for enforcing risk-based policies that is based on an extension of XACML. We also instantiate this framework using a new ontology-based risk assessment approach, as well as other models from related work, and present experimental results of the implementation of our work.