An Entity Attribute-Based Access Control Model in Cloud Environment

  • 최은복 (Department of Smart Media, Jeonju University)
  • Received : 2020.08.24
  • Accepted : 2020.10.20
  • Published : 2020.10.28

Abstract

In the large-scale infrastructure of a cloud environment, the sharing of applications and devices frequently leads to illegitimate access rights, so actively responding to such attacks requires a strengthened access control system that can prepare for each situation. We propose an entity attribute-based access control (EABAC) model based on security levels and the concept of relations. The model has enhanced access control characteristics: it assigns integrity and confidentiality levels to subjects and objects, and it can provide different services for the same role. It offers flexibility in authority management by assigning roles and rights according to the relations associated with a service and the context, which is state information. In addition, we show application cases of the model in a multi-service environment such as a university.
