Avaliação Resiliente de Autorização UCONABC para Computação em Nuvem
Abstract
The cloud services contractor needs a fine grained control of each user's individual consumption to define usage management procedures with higher precision. A UCONABC approach offers individualized periodic evaluations, performing continuous reevaluations of a user's authorization attributes. However, this approach was not designed for the dynamic context of cloud computing. The work presented in this paper shows that it is possible to provide resilience to the process of reevaluating authorizations of UCONABC. The development of proof of concept shows cloud computing provides elasticity to the entities responsible for attribute accounting and its evaluation, enabling the proposed approach.
References
Bertram S., Boniface M., Surridge M., Briscombe N. e Hall-May M. (2010). On-Demand Dynamic Security for Risk-Based Secure Collaboration in Clouds. 3rd CLOUD, pg. 518-525.
CSA (2011). Security Guidance for Critical Areas of Focus in Cloud Computing v3.0. Disponível em: https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf. Acesso: Mar. 2012.
Danwei C., Xiuli H. e Xunyi R., (2009). Access Control of Cloud Service Based on UCON. 1st CloudCom 2009. LNCS. pg. 559-564.
Emeakaroha V. C., Netto M. A. S., Calheiros R. N., Brandic I., Buyya R. e Rose C. A. F. De. (2011). Towards Autonomic Detection of SLA Violations in Cloud Infrastructures. Elsevier FGCS, pg. 1-13.
Erickson J., Spence S., Rhodes M., Banks D., Rutherford J., Simpson E., Belrose, G. e Perry R. (2009). Content-Centered Collaboration Spaces in the Cloud. IEEE Internet Computing, pg. 34-42.
Grobauer B., Walloschek T. e Stöcker E. (2010). Understanding Cloud-Computing Vulnerabilities. IEEE S&P, pg. 50-57. Hayes B. (2008). Cloud computing. Communications ACM, vol. 51, no. 7, pg. 9-11.
Lim H. C., Babu S., Chase J. S. e Parekh S. S. (2009). Automated Control in Cloud Computing: Challenges and Opportunities. 1st ACDC, pg. 13-18.
Marcon Jr. A. L., Santin A. O., Lima Jr. L. A. de P., e Stihler M. (2009). Policy Management Architecture Based on Provisioning Model and Authorization Certificates. ACM SAC, pg. 1594-1598.
Marcon Jr, A. L., Laureano, M., Santin, A. O. e Maziero, C. A. (2010). Aspectos de Segurança e Privacidade em Ambientes de Computação em Nuvem. Anais de MiniCursos do SBSeg 2010, SBC, pg. 53-102.
Marcon Jr, A. L., Santin, A. O., Stihler, M. e Bachtold, J. (2013). A UCONabc Resilient Authorization Evaluation for Cloud Computing, IEEE Transactions on Parallel and Distributed Systems, 11 April 2013. IEEE computer Society Digital Library, Preprint.
Mell P. e Grance T. (2009). The NIST Definition of Cloud Computing. Special Publication 800-145. National Institute of Standards and Technology (NIST), Information Technology Laboratory. Disponível em: http://csrc.nist.gov/publications/nistpubs/800145/SP800-145.pdf. Acesso: Jan. 2013.
OASIS (2004). Web Services Security SOAP Message Security 1.1. Disponível em: https://docs.oasis-open.org/wss/v1.1. Acesso: Nov. 2012.
OASIS (2005). eXtensible Access Control Markup Language v 2.0. Disponível em: https://www.oasis-open.org/committees/xacml. Acesso: Out. 2011.
OASIS (2007). WS-Trust 1.3. Disponível em: https://www.oasis-open.org/standards/#wstrustv1.3. Acesso: Set. 2012.
Park J. e Sandhu R. (2004). The UCONABC Usage Control Model. ACM TISSEC, vol. 7, no. 1, pg. 128-174.
Yavatkar R., Pendarakis D. e Guerin R. (2000). A Framework for Policy-based Admission Control, RFC 2753.
Tavizi T., Shajari M. e Dodangeh P., (2012). A Usage Control Based Architecture for Cloud Environments. IEEE IPDPSW 2012, pg. 1534-1539.
Teigão R., Maziero C. e Santin A. O. (2011). Applying a Usage Control Model in an Operating System Kernel. Elsevier Journal of Network and Computer Applications, pg. 1342-1352.
W3C (2004). Web Services Architecture. Disponível em: https://www.w3.org/TR/ws-arch. Acesso: Jun. 2011.
W3C (2007) SOAP Version 1.2. Disponível em: https://www.w3.org/TR/soap. Acesso: Set. 2012.
Zhang L. J. e Zhang J. (2009). An Integrated Service Model Approach for Enabling SOA. IEEE IT Pro. pg. 28-33.
CSA (2011). Security Guidance for Critical Areas of Focus in Cloud Computing v3.0. Disponível em: https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf. Acesso: Mar. 2012.
Danwei C., Xiuli H. e Xunyi R., (2009). Access Control of Cloud Service Based on UCON. 1st CloudCom 2009. LNCS. pg. 559-564.
Emeakaroha V. C., Netto M. A. S., Calheiros R. N., Brandic I., Buyya R. e Rose C. A. F. De. (2011). Towards Autonomic Detection of SLA Violations in Cloud Infrastructures. Elsevier FGCS, pg. 1-13.
Erickson J., Spence S., Rhodes M., Banks D., Rutherford J., Simpson E., Belrose, G. e Perry R. (2009). Content-Centered Collaboration Spaces in the Cloud. IEEE Internet Computing, pg. 34-42.
Grobauer B., Walloschek T. e Stöcker E. (2010). Understanding Cloud-Computing Vulnerabilities. IEEE S&P, pg. 50-57. Hayes B. (2008). Cloud computing. Communications ACM, vol. 51, no. 7, pg. 9-11.
Lim H. C., Babu S., Chase J. S. e Parekh S. S. (2009). Automated Control in Cloud Computing: Challenges and Opportunities. 1st ACDC, pg. 13-18.
Marcon Jr. A. L., Santin A. O., Lima Jr. L. A. de P., e Stihler M. (2009). Policy Management Architecture Based on Provisioning Model and Authorization Certificates. ACM SAC, pg. 1594-1598.
Marcon Jr, A. L., Laureano, M., Santin, A. O. e Maziero, C. A. (2010). Aspectos de Segurança e Privacidade em Ambientes de Computação em Nuvem. Anais de MiniCursos do SBSeg 2010, SBC, pg. 53-102.
Marcon Jr, A. L., Santin, A. O., Stihler, M. e Bachtold, J. (2013). A UCONabc Resilient Authorization Evaluation for Cloud Computing, IEEE Transactions on Parallel and Distributed Systems, 11 April 2013. IEEE computer Society Digital Library, Preprint.
Mell P. e Grance T. (2009). The NIST Definition of Cloud Computing. Special Publication 800-145. National Institute of Standards and Technology (NIST), Information Technology Laboratory. Disponível em: http://csrc.nist.gov/publications/nistpubs/800145/SP800-145.pdf. Acesso: Jan. 2013.
OASIS (2004). Web Services Security SOAP Message Security 1.1. Disponível em: https://docs.oasis-open.org/wss/v1.1. Acesso: Nov. 2012.
OASIS (2005). eXtensible Access Control Markup Language v 2.0. Disponível em: https://www.oasis-open.org/committees/xacml. Acesso: Out. 2011.
OASIS (2007). WS-Trust 1.3. Disponível em: https://www.oasis-open.org/standards/#wstrustv1.3. Acesso: Set. 2012.
Park J. e Sandhu R. (2004). The UCONABC Usage Control Model. ACM TISSEC, vol. 7, no. 1, pg. 128-174.
Yavatkar R., Pendarakis D. e Guerin R. (2000). A Framework for Policy-based Admission Control, RFC 2753.
Tavizi T., Shajari M. e Dodangeh P., (2012). A Usage Control Based Architecture for Cloud Environments. IEEE IPDPSW 2012, pg. 1534-1539.
Teigão R., Maziero C. e Santin A. O. (2011). Applying a Usage Control Model in an Operating System Kernel. Elsevier Journal of Network and Computer Applications, pg. 1342-1352.
W3C (2004). Web Services Architecture. Disponível em: https://www.w3.org/TR/ws-arch. Acesso: Jun. 2011.
W3C (2007) SOAP Version 1.2. Disponível em: https://www.w3.org/TR/soap. Acesso: Set. 2012.
Zhang L. J. e Zhang J. (2009). An Integrated Service Model Approach for Enabling SOA. IEEE IT Pro. pg. 28-33.
Published
2013-11-11
How to Cite
MARCON JR., Arlindo L.; SANTIN, Altair O.; STIHLER, Maicon.
Avaliação Resiliente de Autorização UCONABC para Computação em Nuvem. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 13. , 2013, Manaus.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2013
.
p. 16-29.
DOI: https://doi.org/10.5753/sbseg.2013.19533.
