Abstract
Distributed systems, such as the Cloud, are widely used for solving large problems, because they provide big computational power at a low cost. From the security point of view, distributed systems pose new challenges, because the applications running on the components of the system could cooperate to access the system’s resources. Hence, the security support should consider all the accesses performed by the applications run by the same user on distinct nodes of a distributed system as the behaviour of that user. To address this problem, this paper proposes mobile usage control policies that, besides regulating the usage of the system resources, also define the exchange of some policy fragments among the nodes of the distributed system. In this way, the usage of resources performed on one node of the distributed system affects the right of accessing resources on other nodes of the system. A reference scenario where mobile usage control policies could be successfully adopted is the Cloud environment.
This work was supported by the FP7 projects Open Computing Infrastructures for Elastic Services (CONTRAIL) and Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSOS).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Mell, P., Grance, T.: The NIST Definition of Cloud Computing. Recommendation of the National Institute of Standards and Technology (NIST), U.S. Department of Commerce (January 2011)
Amazon Elastic Compute Clouds (EC2), http://aws.amazon.com/ec2/
Amazon Simple Storage Service (S3), http://aws.amazon.com/s3/
Google App Engine, http://code.google.com/appengine
Google Apps, http://www.google.com/apps
Sandhu, R., Park, J.: The UCONABC usage control model. ACM Transactions on Information and System Security (TISSEC) 7(1), 128–174 (2004)
Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J.: Formal model and policy specification of usage control. ACM Transactions on Information and System Security (TISSEC) 8(4), 351–387 (2005)
Martinelli, F., Mori, P., Vaccarelli, A.: Towards continuous usage control on Grid computational services. In: Proc. of International Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services 2005, p. 82. IEEE Computer Society, Los Alamitos (2005)
Lazouski, A., Colombo, M., Martinelli, F., Mori, P.: Controlling the Usage of Grid Services. International Journal of Computational Science 4(3), 373–386 (2009); Special issue: Recent Advance in Computing Technologies. Global Information Publisher
Martinelli, F., Mori, P.: Usage control for Grid systems. Future Generation Computer Systems 26(7), 1032–1042 (2010)
Zhang, X., Nakae, M., Covington, M.J., Sandhu, R.: Towards a usage-based security framework for collaborative computing systems. ACM Transactions on Information and System Security (TISSEC) 11(1), 1–36 (2008)
Stihler, M., Santin, A.O., Calsavara, A., Marcon Jr., A.L.: Distributed Usage Control Architecture for Business Coalitions. In: Proceedings of the IEEE International Conference on Communications, ICC 2009 (2009)
Pretschner, A., Hilty, M., Schutz, F., Schaefer, C., Walter, T.: Usage Control Enforcement: Present and Future. IEEE Security & Privacy 6(4), 44–53 (2008)
Pretschner, A., Schutz, F., Schaefer, C., Walter, T.: Policy Evolution in Distributed Usage Control. Electronic Notes on Theoretical Computer Science 244, 109–123 (2009)
Blaze, M., Feigenbaum, J., Keromytis, A.D.: KeyNote: Trust Management for Public-Key Infrastructures. In: Christianson, B., Crispo, B., Harbison, W.S., Roe, M. (eds.) Security Protocols 1998. LNCS, vol. 1550, pp. 59–63. Springer, Heidelberg (1999)
Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The Role of Trust Management in Distributed Systems Security. In: Ryan, M. (ed.) Secure Internet Programming. LNCS, vol. 1603, pp. 185–210. Springer, Heidelberg (1999)
Hoare, C.A.R.: Communicating sequential processes. Communications of the ACM 21(8), 666–677 (1978)
Cloud Security Alliance. Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 (2009)
Cloud Security Alliance. Top Threats to Cloud Computing (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Martinelli, F., Mori, P. (2012). A Distributed Authorization System with Mobile Usage Control Policies. In: Moreno-Díaz, R., Pichler, F., Quesada-Arencibia, A. (eds) Computer Aided Systems Theory – EUROCAST 2011. EUROCAST 2011. Lecture Notes in Computer Science, vol 6927. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27549-4_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-27549-4_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27548-7
Online ISBN: 978-3-642-27549-4
eBook Packages: Computer ScienceComputer Science (R0)