A Context-Based Security Framework for Cloud Services

This paper discusses the use of Aspect-Oriented Programming (AOP) as an efficient way to handle cloud computing frontend security concerns. Without AOP, the necessary security code would be mixed with the business logic that the cloud service provider implements. This makes the maintenance of both code and business logic tedious and prone to errors. The proposed aspect-oriented approach in this paper is built upon a Web services frontend to the cloud service. Three types of context are taken into account when tuning the aspects (security services). The contexts contain various details on the environment of the Cloud and the Web services, which permit activating the necessary aspects in response to these details. A set of experiments validating this approach, are also reported in this paper.

[1]  Luis Rodero-Merino,et al.  A break in the clouds: towards a cloud definition , 2008, CCRV.

[2]  Yongwang Zhao,et al.  PBA4WSSP: a policy-based architecture for web services security processing , 2012, Service Oriented Computing and Applications.

[3]  Azzam Mourad,et al.  A novel aspect-oriented BPEL framework for the dynamic enforcement of web services security , 2012, Int. J. Web Grid Serv..

[4]  Tai-Myung Chung,et al.  A Study on Access Control Model for Context-Aware Workflow , 2009, 2009 Fifth International Joint Conference on INC, IMS and IDC.

[5]  Günther Pernul,et al.  A Semantic Security Architecture for Web Services The Access-eGov Solution , 2010, 2010 International Conference on Availability, Reliability and Security.

[6]  Eduardo B. Fernández,et al.  A Survey of Patterns for Web Services Security and Reliability Standards , 2012, Future Internet.

[7]  Mohamed Jmaiel,et al.  Semantic matching of web services security policies , 2012, 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS).

[8]  Albrecht Schmidt,et al.  There is more to context than location , 1999, Comput. Graph..

[9]  Wei Li An adaptive security model for communication on cloud , 2011, Proceedings of 2011 International Conference on Computer Science and Network Technology.

[10]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[11]  Mohsen Rouached Security Analysis for Web Services Compositions , 2012 .

[12]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[13]  Claude Godart,et al.  DISC-SeT: Handling Temporal and Security Aspects in the Web Services Composition , 2010, 2010 Eighth IEEE European Conference on Web Services.

[14]  Ninghui Li,et al.  Towards Formal Verification of Role-Based Access Control Policies , 2008, IEEE Transactions on Dependable and Secure Computing.

[15]  Sitaraman Lakshminarayanan,et al.  Interoperable Security Standards for Web Services , 2010, IT Professional.

[16]  Wendong Zhang,et al.  A Role-Based Workflow Access Control Model , 2009, 2009 First International Workshop on Education Technology and Computer Science.

[17]  Zakaria Maamar,et al.  What can context do for web services? , 2006, CACM.

[18]  Claude Godart,et al.  Partitioning and Cloud Deployment of Composite Web Services under Security Constraints , 2013, 2013 IEEE International Conference on Cloud Engineering (IC2E).

[19]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[20]  Srijith Krishnan Nair,et al.  Virtualised Trusted Computing Platform for Adaptive Security Enforcement of Web Services Interactions , 2007, IEEE International Conference on Web Services (ICWS 2007).

[21]  Rajkumar Buyya,et al.  Article in Press Future Generation Computer Systems ( ) – Future Generation Computer Systems Cloud Computing and Emerging It Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility , 2022 .

[22]  Zakaria Maamar,et al.  Towards Context-Based Tracking of Web Services Security , 2005, iiWAS.

[23]  Anoop Singhal Web Services Security: Techniques and Challenges (Extended Abstract) , 2008, DBSec.

[24]  Paolo Traverso,et al.  Service-Oriented Computing: State of the Art and Research Challenges , 2007, Computer.

[25]  Zakaria Maamar,et al.  Decoupling Security Concerns in Web Services Using Aspects , 2006, Third International Conference on Information Technology: New Generations (ITNG'06).

[26]  Azzam Mourad,et al.  New XACML-AspectBPEL approach for composite web services security , 2013, Int. J. Web Grid Serv..