A framework and risk assessment approaches for risk-based access control in the cloud
نویسندگان
چکیده
Cloud computing is advantageous for customers and service providers. However, it has specific security requirements that are not captured by traditional access control models, e.g., secure information sharing in dynamic and collaborative environments. Risk-based access control models try to overcome these limitations, but while there are well-known enforcement mechanisms for traditional access control, this is not the case for risk-based policies. In this paper, we motivate the use of risk-based access control in the cloud and present a framework for enforcing risk-based policies that is based on an extension of XACML. We also instantiate this framework using a new ontology-based risk assessment approach, as well as other models from related work, and present experimental results of the implementation of our work.
منابع مشابه
A risk model for cloud processes
Traditionally, risk assessment consists of evaluating the probability of "feared events", corresponding to known threats and attacks, as well as these events' severity, corresponding to their impact on one or more stakeholders. Assessing risks of cloud-based processes is particularly difficult due to lack of historical data on attacks, which has prevented frequency-based identification...
متن کاملThe analysis of hazard identification and risk assessment studies with the approach to assessing risk control measures since 2001 to 2017: A systemic review
Abstract background and aims: Nowadays the growing complexity of technology and industry has led to vast changes over the last few decades. These changes, in addition to their positive and valuable effects, have also caused industrial accidents affecting human life and the environment. According to the ILO 2011 report, there are 340 million annual workplace accidents and 160 million occupation...
متن کاملAttribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
متن کاملExposure Assessment to Environmental Pollutants in Human Health Risk Assessment Studies; Overview on New Approaches
Background & objectives: Because of human exposure to various environmental risk factors during the lifetime, the actual exposure estimation has been considered as one of the most important challenges for researchers and decision makers. Considering the contribution of environmental risk factors in the burden of diseases, this study aimed to provide new approaches in exposure assessment filed b...
متن کاملA framework for risk assessment in access control systems
We describe a framework for risk assessment specifically within the context of risk-based access control systems, which make authorization decisions by determining the security risk associated with access requests and weighing such security risk against operational needs together with situational conditions. Our framework estimates risk as a product of threat and impact scores. The framework th...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- J. Network and Computer Applications
دوره 74 شماره
صفحات -
تاریخ انتشار 2016