Ontology-based access control model for security policy reasoning in cloud computing

The Journal of Supercomputing

Abstract

There are many security issues in cloud computing service environments, including virtualization, distributed big-data processing, serviceability, traffic management, application security, access control, authentication, and cryptography, among others. In particular, data access using various resources requires an authentication and access control model for integrated management and control in cloud computing environments. Cloud computing services are differentiated according to security policies because of differences in the permitted access rights between service providers and users. RBAC (role-based access control) and C-RBAC (context-aware RBAC) models do not offer managers and users effective and practical solutions based on dynamic access control methods, so a new dynamic access control model is needed that can address the limitations of cloud computing characteristics. This paper proposes Onto-ACM (ontology-based access control model), a semantic analysis model that can address the difference in permitted access control between service providers and users. The proposed model is an intelligent context-aware access model that proactively applies the access level for resource access based on ontology reasoning and semantic analysis.

Notes

  1. This paper extends our previous work published at MIST 2012 [18].

References

  1. Li X, He J (2011) A user-centric method for data privacy protection in cloud computing. In: 2011 international conference on computer, electrical, and systems sciences and engineering, pp 355–358

  2. Bowen BM, Ben Salem M, Hershkop S (2009) Designing host and network sensors to mitigate the insider threat. IEEE Security Privacy Mag 7(6):22–29

  3. Ferraiolo DF, Richard Kuhn D, Chandramouli R (2003) Role-based access control. Artech House, Norwood

  4. Corradi A, Montanari R, Tibaldi D (2004) Context-based access control for ubiquitous service provisioning. In: Proceedings of the 28th annual international computer software and applications conference, Sep. IEEE Press, New York, pp 444–451

  5. Han W, Zhang J, Yao X (2005) Context-sensitive access control model and implementation. In: Proceedings of the fifth international conference on computer and information technology. IEEE Press, New York, pp 757–763

  6. Cappelli D, Moore A, Trzeciak R, Shimeall TJ (2006) Common sense guide to prevention and detection of insider threats. Carnegie Mellon University

  7. Ahn G-J, Sandhu R (2000) Role-based authorization constraints specification. ACM Trans Inf Syst Secur 3(4):207–226

  8. Bertino E, Bonatti PA, Ferrari E (2001) Trbac: a temporal role-based access control model. ACM Trans Inf Syst Secur 4(3):191–233

  9. Joshi JBD, Bertino E, Latif U, Ghafoor A (2005) A generalized temporal role-based access control model. IEEE Trans Knowl Data Eng 17(1):4–23

  10. Li N, Tripunitara MV (2006) Security analysis in role-based access control. ACM Trans Inf Syst Secur 9(4):391–420

  11. Finin T, Joshi A, Kagal L, Niu J, Sandhu R, Winsborough W, Thuraisingham B (2008) ROWLBAC: representing role based access control in OWL. In: Proceedings of the 13th ACM symposium on access control models and technologies. ACM, New York, pp 73–82

  12. Macfie A, Kataria P, Koay N, Dagdeviren H, Juric R, Madani K (2008) Ontology based access control derived from dynamic RBAC and its context constraints. In: Proceedings of the 11th international conference on integrated design and process technology (IDPT 2008), Taichung, Taiwan, 1–6 June 2008

  13. Kalajainen T (2007) An access control model in a semantic data structure: case process modelling of a bleaching line. Department of Computer Science and Engineering

  14. Nabeel Tahir M (2007) C-RBAC: Contextual role-based access control model. Ubiquitous Comput Commun J 2(3):67–74

  15. Eom J-h, Park S-H, Chung T-M (2008) A study on architecture of access control system with enforced security control for ubiquitous computing environment. J Korean Inst Inf Secur Cryptol 18(5):71–81

  16. Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models. Computer 29(2):38–47

  17. Zoua D, Heb L, Jina H, Chenc X (2009) CRBAC: imposing multi-grained constraints on the RBAC model in the multi-application environment. J Netw Comput Appl 32(2):402–411

  18. Choi C, Choi J, Ko B, Oh K, Kim P (2012) A design of onto-ACM(Ontology based access control model) in cloud computing environments. J Internet Serv Inf Secur 2(3/4):54–64

  19. Apache Jena Project (2013). http://jena.apache.org/

  20. Kiyomoto S, Fukushima K, Miyake Y (2011) Towards secure cloud computing architecture—a solution based on software protection mechanism. J Internet Serv Inf Secur 1(1):4–17

  21. Pieters W (2011) Representing humans in system security models: an actor-network approach. J Wirel Mobile Netw Ubiquitous Comput Depend Appl 2(1):75–92

  22. Zia TA, Zomaya AY (2011) A lightweight security framework for wireless sensor networks. J Wirel Mobile Netw Ubiquitous Comput Depend Appl 2(3):53–73

  23. Jung JJ (2012) Evolutionary approach for semantic-based query sampling in large-scale information sources. Inf Sci 182(1):30–39

  24. Jung JJ (2012) ContextGrid: a contextual mashup-based collaborative browsing system. Inf Syst Front 14(4):953–961

  25. Jung JJ (2011) Service chain-based business alliance formation in service-oriented architecture. Expert Syst Appl 38(3):2206–2211

Acknowledgements

This study was supported by a research fund from Chosun University, 2012.

Author information

Corresponding author

Correspondence to Pankoo Kim.

About this article

Cite this article

Choi, C., Choi, J. & Kim, P. Ontology-based access control model for security policy reasoning in cloud computing. J Supercomput 67, 711–722 (2014). https://doi.org/10.1007/s11227-013-0980-1

  • DOI: https://doi.org/10.1007/s11227-013-0980-1
