Syntactic and Semantic Mappings in Authorization Policy Federations for Heterogeneous Clouds
Abstract
Leading cloud computing providers, such as Amazon, Google, and Microsoft, use proprietary technologies to deliver their services. Users want to use multiple providers to increase service availability, reduce costs, and avoid relying on a single provider, among other reasons. Authorization Policy Federations (APFs) allow a single access control policy to be defined and applied across multiple heterogeneous providers. To do this, these policies, which are described in Disjunctive Normal Form (DNF) and whose semantics are defined by an ontology, must be mapped to the local context of each user and cloud. This paper discusses the syntactic and semantic mapping processes of policies and the Semantic Equivalence Level (LSE) metric used to measure their effectiveness.
