A Distributed Authorization System with Mobile Usage Control Policies

Distributed systems, such as the Cloud, are widely used for solving large problems because they provide substantial computational power at a low cost. From a security point of view, distributed systems pose new challenges, because the applications running on the components of the system could cooperate to access the system's resources. Hence, the security support should treat all the accesses performed by the applications that the same user runs on distinct nodes of a distributed system as the behaviour of that user. To address this problem, this paper proposes mobile usage control policies that, besides regulating the usage of the system resources, also define the exchange of some policy fragments among the nodes of the distributed system. In this way, the usage of resources on one node of the distributed system affects the right to access resources on other nodes of the system. A reference scenario where mobile usage control policies could be successfully adopted is the Cloud environment.
