Recently, researchers' and scientists' interest in and concern about the Internet of Things (IoT) have increased remarkably. A diversity of IoT devices such as mobile phones, sensors and even scientific measurement facilities have been connected to the Internet and are generating an enormous amount of data. Because analyzing such data demands substantial computational resources, utilization of the cloud has become a major trend. When the aggregation and distribution of data from and to IoT devices on the cloud are taken into consideration, however, access control to such data becomes an important problem. Each IoT device may have its own security policy and each user may have a different attribute. To achieve safe access control to data, a fully controlled infrastructure is required, one in which access to network resources is controlled as well as access to computational resources. Based on this consideration, this paper proposes an access-controlled networking mechanism that dynamically organizes a flexible and secure network linking IoT devices, computational resources and users on the cloud, based on the user's attribute and IoT device security policies. The architecture of FlowSieve, which we have designed and implemented in this preliminary stage of the research, is presented along with our envisaged fully access-controlled cloud for secure data access.