Packet: a privacy-aware access control policy composition method for services composition in cloud environments

Li LIN, Jian HU, Jianbiao ZHANG

PDF(842 KB)
Front. Comput. Sci. ›› 2016, Vol. 10 ›› Issue (6) : 1142-1157. DOI: 10.1007/s11704-016-5503-9
RESEARCH ARTICLE


Abstract

Combining independent cloud services requires coordinating their access control policies. Otherwise, unauthorized access to the composite cloud service can occur when the access control policies of different cloud service providers conflict, leading to serious data security and privacy issues. In this paper, we propose Packet, a novel access control policy composition method that can detect and resolve policy conflicts in cloud service composition, including conflicts related to privacy-aware purposes and conditions. The Packet method consists of four steps. First, heterogeneous policies are transformed into a unified attribute-based format using a unified description. Second, to improve conflict detection efficiency, policy conflicts on the same resource are eliminated by a cosine similarity-based algorithm. Third, using a hierarchical structure approach, policy conflicts related to different resources or to privacy-aware purposes and conditions are detected. Fourth, different conflict resolution techniques are presented for the corresponding conflict types. We have implemented the Packet method on the OpenStack platform. Comprehensive experiments demonstrate the effectiveness of the proposed method in conflict detection and resolution performance, compared with an existing XACML-based system.
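To make the four-step pipeline in the abstract concrete, the following is an added Python illustration, not the paper's or OpenStack's code: rules from two providers are normalised into one attribute-based format, rule pairs on the same resource are compared by cosine similarity of their attribute terms, and pairs with opposite effects or diverging privacy purposes are flagged and resolved. The set-based vectorisation, the 0.7 threshold, the deny-overrides and purpose-intersection strategies, and the sample rules are all assumptions made for this illustration.

```python
from dataclasses import dataclass
from itertools import combinations
import math

@dataclass(frozen=True)
class Rule:
    provider: str
    resource: str
    attrs: frozenset    # unified "name=value" terms for subject, action, condition
    purposes: frozenset # privacy-aware purposes for which the rule applies
    effect: str         # "permit" or "deny"

def to_unified(provider: str, raw: dict) -> Rule:
    """Assumed normaliser: flatten one provider's raw rule into the unified format."""
    terms = {f"{k}={v}" for k, v in raw.items()
             if k not in ("resource", "purposes", "effect")}
    return Rule(provider, raw["resource"], frozenset(terms),
                frozenset(raw["purposes"]), raw["effect"])

def cosine(a: frozenset, b: frozenset) -> float:
    """Cosine similarity of two binary attribute vectors held as term sets."""
    return len(a & b) / math.sqrt(len(a) * len(b)) if a and b else 0.0

def detect_conflicts(rules, threshold: float = 0.7):
    """Pair rules on the same resource whose attribute vectors are similar enough;
    flag opposite effects ("effect") or, for two permits, differing purposes ("purpose")."""
    found = []
    for r1, r2 in combinations(rules, 2):
        if r1.resource != r2.resource or cosine(r1.attrs, r2.attrs) < threshold:
            continue
        if r1.effect != r2.effect:
            found.append((r1, r2, "effect"))
        elif r1.effect == "permit" and r1.purposes != r2.purposes:
            found.append((r1, r2, "purpose"))
    return found

def resolve(r1: Rule, r2: Rule, kind: str):
    """Assumed strategies: deny-overrides for effect conflicts; the intersection
    of purposes (most restrictive) for purpose conflicts."""
    if kind == "effect":
        return "deny"
    return r1.purposes & r2.purposes

RAW = [  # constructed sample rules from two hypothetical providers A and B
    ("A", dict(resource="patient_record", role="doctor", action="read", purposes=["treatment"], effect="permit")),
    ("B", dict(resource="patient_record", role="doctor", action="read", dept="oncology", purposes=["treatment", "research"], effect="permit")),
    ("B", dict(resource="patient_record", role="doctor", action="read", purposes=["treatment"], effect="deny")),
    ("A", dict(resource="lab_result", role="doctor", action="read", purposes=["treatment"], effect="deny")),
]
RULES = [to_unified(p, r) for p, r in RAW]
```

Raising the threshold narrows the candidate pairs, so the rule with the extra `dept` attribute is no longer compared and only the exact-match deny/permit pair on `patient_record` is reported.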

Keywords

cloud service composition / access control / privacy / policy composition / unified policy format / conflict detection / similarity analysis / conflict resolution

Cite this article

Li LIN, Jian HU, Jianbiao ZHANG. Packet: a privacy-aware access control policy composition method for services composition in cloud environments. Front. Comput. Sci., 2016, 10(6): 1142‒1157 https://doi.org/10.1007/s11704-016-5503-9


RIGHTS & PERMISSIONS

2016 Higher Education Press and Springer-Verlag Berlin Heidelberg