Managing distributed UCONabc policies with authorization assertions and policy templates

Managing UCONabc policies in modern distributed computing systems is a challenge for traditional approaches. The provisioning model has trouble keeping track of and synchronizing large numbers of distributed policies, while the outsourcing model may suffer from network overhead and a single point of failure. This paper describes an approach to managing distributed UCONabc policies, derived from the combination of authorization assertions and policy templates. It combines the benefits of provisioning and outsourcing, eliminating their respective drawbacks. Prototyping details and a performance evaluation are presented: messages are 42.7% smaller than with provisioning, and response times are faster than with outsourcing.
