Authors:
Simeon Veloudis
;
Iraklis Paraskakis
and
Christos Petsos
Affiliation:
South East European Research Centre (SEERC), The University of Sheffield, International Faculty CITY College, Thessaloniki and Greece
Keyword(s):
Context-Aware Security, Privacy, Access Control, Inter-Policy Relations, Ontological Representation, Semantic Inferencing, Reasoning.
Abstract:
By embracing the cloud computing paradigm enterprises are able to realise significant cost savings whilst boosting their agility and productivity. Yet, due mainly to security and privacy concerns, many enterprises are reluctant to migrate the storage and processing of their critical assets to the cloud. One way to alleviate these concerns, hence bolster the adoption of cloud computing, is to infuse suitable access control policies in cloud services. Nevertheless, the complexity inherent in such policies, stemming from the dynamic nature of cloud environments, calls for a framework capable of providing assurances with respect to the effectiveness of these policies. The work presented in this paper elaborates on such a framework. In particular, it proposes an approach for generically checking potential subsumption relations between access control policies that incorporate the contextual knowledge that characterises an access request and which needs to be taken into account for granting
, or denying, the request. The proposed framework is expressed ontologically hence enabling automated reasoning, through semantic inferencing, about policy subsumption.
(More)