A framework and risk assessment approaches for risk-based access control in the cloud

https://doi.org/10.1016/j.jnca.2016.08.013Get rights and content

Abstract

Cloud computing is advantageous for customers and service providers. However, it has specific security requirements that are not captured by traditional access control models, e.g., secure information sharing in dynamic and collaborative environments. Risk-based access control models try to overcome these limitations, but while there are well-known enforcement mechanisms for traditional access control, this is not the case for risk-based policies. In this paper, we motivate the use of risk-based access control in the cloud and present a framework for enforcing risk-based policies that is based on an extension of XACML. We also instantiate this framework using a new ontology-based risk assessment approach, as well as other models from related work, and present experimental results of the implementation of our work.

Introduction

Cloud computing enables the delivery of computational resources and services through the Internet, providing easy access, elasticity and resource sharing (Mell and Grance, 2011). The cloud model is widely adopted because of its economical and performance advantages for customers and service providers. However, the growing number of users and available resources, as well as the diversity of supported applications, emphasize the security challenges of this model (Ren et al., 2012).

Access control is crucial to ensure the correct enforcement of security policies on the cloud. There are well-known solutions to enforce policies based on traditional access control models, such as the eXtensible Access Control Markup Language (XACML) (OASIS, 2003). Nonetheless, the emergence of new requirements in access control, derived from current information security needs and the needs of highly dynamic environments, has led to the development of access control models based on risk assessment (McGraw, 2009), for which clear enforcement mechanisms are not readily available. One of the main advantages of risk-based access control models is the ability to handle exceptional access requests, when a user must be granted access to perform a critical action, even though he or she may not be previously authorized to do so. Another issue solved by this kind of access control model is flexibility in accessing resources. Traditional models employ rigid and static access control policies that are not well suited to dynamic and heterogeneous environments like the cloud (dos Santos et al., 2013, Karp et al., 2009), since those environments present a continuous change in the available users and resources and greater administrative complexity.

This paper presents a framework for dynamic risk-based access control for cloud computing. The system manages user access to cloud resources by quantifying and aggregating risk metrics defined in risk policies created by resource owners. The risk-based model is built on top of XACML and allows the use of, e.g., Role-based Access Control (RBAC) or Attribute-based Access Control (ABAC) coupled with risk analysis. This combination provides flexible access control for both users and Cloud Service Providers (CSPs).

We also present instantiations of our framework using diverse risk-based models. One instantiation is based on ontologies, which provides a formal model for the inference of contextual information in risk analysis. The use of ontologies for access control models to provide flexibility and dynamism in decision making has been exploited in some works (Finin et al., 2008, Dersingh et al., 2009). However, the use of ontologies in the context of dynamic risk assessment is a novel contribution.

This paper is the consolidation of some of our previously published research in risk-based access control for cloud computing (dos Santos et al., 2013, dos Santos et al., 2014, Marinho et al., 2014) with the addition of new material and results related to instantiations of our framework. Section 2 introduces the main concepts related to cloud computing and access control. Section 3 presents our main contribution, the development of an extensible framework for risk assessment approaches for access control in cloud computing. 4 Instantiating the framework, 5 An ontology-based approach to risk calculation for the RAdAC model present other contributions, namely the instantiation of the framework with risk-based models and the development of an ontology-based risk quantification approach for such models. Section 6 presents the use of the framework in the emerging scenario of cloud federations. Section 7 describes our implementation and experimental results. Section 8 discusses related work and Section 9 concludes the paper.

Section snippets

Background

Cloud computing allows access to a shared pool of configurable computing resources with five essential characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service (Mell and Grance, 2011). Despite the advantages of clouds, security is the main fear of potential users, especially in public deployments (Ren et al., 2012).

A framework for risk-based access control in the cloud

As discussed in 1 Introduction, 2 Background, there are standard definitions and authorization frameworks for traditional access control models, XACML being one of the most successful. On the other hand, there is a myriad of risk-based access control models employing different quantification and aggregation methods and no common enforcement approach capable of supporting several models.

In this Section, we present a framework based on the quantification and aggregation of risk metrics. Metrics

Instantiating the framework

An instantiation of the framework is characterized by defining the elements of a risk policy, namely metrics, quantification functions, an aggregation function and a risk threshold. In this Section, we instantiate the framework presented in the previous Section with three risk-based models: the one presented by Sharma et al. (2012), the RAdAC model as described by Britton and Brown (2007) and a custom model that combines characteristics from both. For each model we present the risk metrics, a

An ontology-based approach to risk calculation for the RAdAC model

One of the biggest challenges in using RAdAC is finding a good risk estimation method. The method of Britton and Brown (2007) is a possibility, but the availability of contextual information to evaluate risk metrics is a major issue for risk quantification, since if some information is absent a final value cannot be achieved.

Our ontology-based approach tries to solve this problem by adjusting the weights of each metric as they become available. Hence, at run-time, if there are few metrics

Risk-based access control in cloud federations

A cloud federation aggregates services from different providers in a single set supporting three basic interoperability characteristics: resource migration, redundancy, and combination of complementary services or resources (Kurze et al., 2011). There are several proposals for cloud federation architectures, also called multi-clouds or clouds of clouds (AlZain et al., 2012, Vukolić, 2010). Their idea is to present unique APIs, monitoring, and metering services, allowing organizations to join

Implementation and experiments

We developed two implementations of the framework, the first in Python, using the ndg-xacml1 engine and the second in Java, using the HERAS-AF2 engine. This choice was due to the better availability of ontology tools in Java and to faster development in Python. The engines were chosen because they are both open source, with tests and documentation available.

In the Python implementation, we used the web.py framework for the web

Risk-based Access Control

Fall et al. (2011) discussed the inadequacy of current access control models for multi-tenant clouds and proposed the use of RAdAC. Although their work introduced risk-based access control for the cloud, there was no validation of the idea. Arias-Cabarcos et al. (2012) described challenges for federated identity management in the cloud, especially trust agreements, and proposed a risk evaluation methodology to enable dynamic identity federations. The authors proposed a set of metrics and a

Discussion and conclusions

We proposed a framework for risk-based access control, based on an extension of XACML and the use of risk policies, which adds flexibility for resource sharing in a dynamic and collaborative environment such as the cloud. The framework has as main advantages the possibility of using risk metrics, quantification and aggregation functions from different sources, including those defined by the user, and the use of basic risk policies to maintain minimum security requirements. Another important

References (53)

  • C. Ngo et al.

    Decision diagrams for XACML policy evaluation and management

    Comput. Secur.

    (2015)
  • R. Shaikh et al.

    Dynamic risk-based decision methods for access control systems

    Comput. Secur.

    (2012)
  • Ahmed, A., Zhang, N., 2010. An Access Control Architecture for Context-Risk-Aware Access Control: Architectural Design...
  • AlZain, M., Pardede, E., Soh, B., Thom, J., 2012. Cloud Computing Security: From Single to Multi-clouds. In: Proc....
  • P. Arias-Cabarcos et al.

    A metric-based approach to assess risk for “on cloud” federated identity management

    J. Netw. Syst. Manag.

    (2012)
  • Bernabe, J., Perez, J., Calero, J., Clemente, F., Perez, G., Skarmeta, A., 2011. Towards an authorization system for...
  • Borst, W., 1997. Construction of Engineering Ontologies for Knowledge Sharing and Reuse. pH.D. thesis, University of...
  • Britton, D., Brown, I., 2007. A Security Risk Measurement for the RAdAC Model. Master's thesis, Naval Postgraduate...
  • Brucker, A., Petritsch, H., 2009. Extending Access Control Models with Break-glass. In: Proc. SACMAT, pp....
  • M. Benantar

    Access Control Systems: Security, Identity Management and Trust Models

    (2006)
  • Celesti, A., Tusa, F., Villari, M., Puliafito, A., 2010. Security and Cloud Computing: InterCloud Identity Management...
  • Celesti, A., Tusa, F., Villari, M., Puliafito, A., Federation Establishment Between CLEVER Clouds Through a SAML SSO...
  • Celesti, A., Tusa, F., Villari, M., Puliafito, A., 2010. How to Enhance Cloud Architectures to Enable Cross-Federation....
  • Celesti, A., Tusa, F., Villari, M., Puliafito, A., 2010. Three-Phase Cross-Cloud Federation Model: The Cloud SSO...
  • Chen, L., Gasparini, L., Norman, T.J., 2013, XACML and Risk-Aware Access Control. In: Proc. ICEIS, pp....
  • Cheng, P., Rohatgi, P., Keser, C., Karger, P., Wagner, G., Reninger, A., 2007. Fuzzy Multi-Level Security: An...
  • Coppola, M., Dazzi, P., Lazouski, A., Martinelli, F., Mori, P., Jensen, J., Johnson, I., Kershaw, P., 2012. The...
  • D. Choi et al.

    A framework for context sensitive risk-based access control in medical information systems

    Comput. Math. Methods Med.

    (2015)
  • Dersingh, A., Liscano, R., Jost, A., Finnson, J., 2009. Dynamic Role Assignment Using Semantic Contexts. In: Proc....
  • Diep, N., Lee, S., Lee, Y., Lee, H., 2007. Contextual Risk-Based Access Control. In: Proc. SAM, pp....
  • Dimmock, N., 2003. How Much is “enough”? Risk in Trust-based Access Control. In: Proc. WETICE, pp....
  • dos Santos, D., Westphall, C., Westphall, C., 2013. Risk-based Dynamic Access Control for a Highly Scalable Cloud...
  • dos Santos, D.R., Westphall, C., Westphall, C., 2014. A Dynamic Risk-based Access Control Architecture for Cloud...
  • Fall, D., Blanc, G., Okuda, T., Kadobayashi, Y., Yamaguchi, S., 2011. Toward Quantified Risk-Adaptive Access Control...
  • Finin, T., Joshi, A., Kagal, L., Niu, J., Sandhu, R., Winsborough, W., Thuraisingham, B., ROWLBAC: Representing Role...
  • Gasparini, L., 2013. Risk-Aware Access Control and XACML. pH.D. thesis, University of...
  • Cited by (54)

    • Specification and adaptive verification of access control policy for cyber-physical-social spaces

      2022, Computers and Security
      Citation Excerpt :

      The dynamic analysis adjusts the authorization results in the operation of the system. Santos et al. (2016) present a framework for enforcing risk-based access control policies that is based on an extension of XACML. This framework can secure information sharing in dynamic and collaborative environments based on the trust and risk values.

    • Risk model of financial supply chain of Internet of Things enterprises: A research based on convolutional neural network

      2022, Computer Communications
      Citation Excerpt :

      According to the above conditions, the income matrix of the regulatory risk model is obtained in this paper, as shown in Table 2. The convolution mechanism of the Internet of things is shown in Fig. 1 [26]. The main problem of risk anomaly analysis application access control is to support the necessary flexibility and scalability of a large number of users and resources in a dynamic and heterogeneous environment, as well as the requirements for collaboration and information sharing.

    • RCBAC: A risk-aware content-based access control model for large-scale text data

      2020, Journal of Network and Computer Applications
      Citation Excerpt :

      Reference Aluvalu and Muddana (2016) proposes a dynamic attribute-based risk aware access control model, which can be hybridized with static access control models with various attribute encryption, such as KP-ABE, CP-ABE, and HASBE. Based on an extension of XACML, Reference Dos Santos et al. (2016) proposes a framework for enforcing risk-based policies. Aiming at Grid virtual organizations, Reference Nogoorani and Jalili (2016) proposes a TIRIAC framework, which is a trust-driven risk-aware access control framework that uses obligations to seamlessly monitor users and mitigate risks.

    • Known unknowns: Indeterminacy in authentication in IoT

      2020, Future Generation Computer Systems
      Citation Excerpt :

      Dos Santos et al. improved their approach [59] proposed in 2014 and enriched their method by applying RAAC not only for intra-cloud access decisions but also for inter-cloud access decisions. Ricardo et al. [60] proposed a risk-aware framework to enforce RAAC policies in the cloud. This work is based on the extension of XACML and aggregates various risk factors to calculate the final value of the risk.

    View all citing articles on Scopus
    View full text