Risk Adaptive Authorization Mechanism (RAdAM) for Cloud Computing

Cloud computing provides many advantages for both the cloud service provider and the clients. It is also infamous for being highly dynamic and for having numerous security issues. The dynamicity of cloud computing implies that dynamic security mechanisms should be employed to enforce its security, especially with regard to access decisions. However, this is surprisingly not the case. Static traditional authorization mechanisms are being used in cloud environments, leading to legitimate doubts about their ability to fulfill the security needs of the cloud. We propose a risk adaptive authorization mechanism (RAdAM) for a simple cloud deployment, collaboration in cloud computing and federation in cloud computing. We use a fuzzy inference system to demonstrate the practicability of RAdAM. We complement RAdAM with a Vulnerability Based Authorization Mechanism (VBAM), a real-time authorization model based on the average vulnerability scores of the objects present in the cloud. We demonstrate the usefulness of VBAM in a use case featuring OpenStack.
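As an added illustration (not the paper's code), the following Python sketch shows how a risk adaptive decision of the kind described above can be computed: a VBAM-style risk input is taken as the average vulnerability score of the requested objects, and a small Mamdani fuzzy inference over risk and subject trust produces a permit level. The score scale, membership functions, rule base, trust values and 0.5 threshold are all assumptions made for this example.

```python
"""Added illustration of a RAdAM/VBAM-style decision (not the paper's code).
Assumptions: objects carry CVSS-like scores in [0, 10]; risk is the average
object score scaled to [0, 1]; subject trust is given, not computed."""
from statistics import mean

def tri(x, a, b, c):
    """Triangular membership function rising from a, peaking at b, falling to c."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)

# Linguistic terms shared by both inputs and the output, all on [0, 1]
LOW = lambda x: tri(x, -0.5, 0.0, 0.5)
MED = lambda x: tri(x, 0.0, 0.5, 1.0)
HIGH = lambda x: tri(x, 0.5, 1.0, 1.5)

# Constructed rule base: (risk term, trust term) -> permit term. Highly
# vulnerable objects are withheld even from highly trusted subjects.
RULES = [
    (LOW, HIGH, HIGH), (LOW, MED, HIGH), (LOW, LOW, MED),
    (MED, HIGH, HIGH), (MED, MED, MED), (MED, LOW, LOW),
    (HIGH, HIGH, LOW), (HIGH, MED, LOW), (HIGH, LOW, LOW),
]

def object_risk(vuln_scores):
    """VBAM-style risk input: mean vulnerability score of the objects, scaled to [0, 1]."""
    return mean(vuln_scores) / 10.0

def permit_level(risk, trust, steps=100):
    """Mamdani inference: min for AND, max for aggregation, centroid defuzzification."""
    num = den = 0.0
    for i in range(steps + 1):
        y = i / steps
        agg = max(min(r(risk), t(trust), out(y)) for r, t, out in RULES)
        num += y * agg
        den += agg
    return num / den if den else 0.0

def authorize(vuln_scores, trust, threshold=0.5):
    """Decide one request; returns (decision, risk, permit_level)."""
    risk = object_risk(vuln_scores)
    level = permit_level(risk, trust)
    return ("permit" if level >= threshold else "deny", risk, level)

if __name__ == "__main__":
    # Same trusted subject, different object vulnerability: the decision flips.
    print(authorize([2.0, 3.5, 1.0], trust=0.9))
    print(authorize([9.8, 7.5, 8.0], trust=0.9))
```

The two sample requests use identical subject trust, so the change in decision comes only from the vulnerability scores of the objects, which is the effect VBAM is meant to capture.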
