A Provenance-Policy Based Access Control Model For Data Usage Validation In Cloud
نویسندگان
چکیده
In an organization specifically as virtual as cloud there is need for access control systems to constrain users direct or backhanded action that could lead to breach of security. In cloud, apart from owner access to confidential data the third party auditing and accounting is done which could stir up further data leaks. To control such data leaks and integrity, in past several security policies based on role, identity and user attributes were proposed and found ineffective since they depend on static policies which do not monitor data access and its origin. Provenance on the other hand tracks data usage and its origin which proves the authenticity of data. To employ provenance in a real time system like cloud, the service provider needs to store metadata on the subject of data alteration which is universally called as the Provenance Information. This paper presents a provenance-policy based access control model which is designed and integrated with the system that not only makes data auditable but also incorporates accountability for data alteration events.
منابع مشابه
Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
متن کاملDoS-Resistant Attribute-Based Encryption in Mobile Cloud Computing with Revocation
Security and privacy are very important challenges for outsourced private data over cloud storages. By taking Attribute-Based Encryption (ABE) for Access Control (AC) purpose we use fine-grained AC over cloud storage. In this paper, we extend previous Ciphertext Policy ABE (CP-ABE) schemes especially for mobile and resource-constrained devices in a cloud computing environment in two aspects, a ...
متن کاملAccess and Mobility Policy Control at the Network Edge
The fifth generation (5G) system architecture is defined as service-based and the core network functions are described as sets of services accessible through application programming interfaces (API). One of the components of 5G is Multi-access Edge Computing (MEC) which provides the open access to radio network functions through API. Using the mobile edge API third party analytics applications ...
متن کاملProvenance-based Access Control Models Approved by Supervising Committee:
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Chapter 1: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1....
متن کاملAdopting Provenance-Based Access Control in OpenStack Cloud IaaS
Provenance-based Access Control (PBAC) has recently risen as an effective access control approach that can utilize readily provided history information of underlying systems to enhance various aspects of access control in a computing environment. The adoption of PBAC capabilities to the authorization engine of a multi-tenant cloud Infrastructure-as-a-Service (IaaS) such as OpenStack can enhance...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- CoRR
دوره abs/1411.1933 شماره
صفحات -
تاریخ انتشار 2014