Access Control Framework of Personal Cloud based on XACML

Transcription

1 Access Control Framework of Personal Cloud based on XACML 1 Jun-Young Park, 2 Young-Rok Shin, 3 Kyoung-Hun Kim, 4 Eui-Nam Huh 1First Author, 2 Kyung Hee University, {parkhans, shinyr}@khu.ac.kr 3 Gangdong College, iioii.net@gmail.com *4Corresponding Author Kyung Hee University, johnhuh@khu.ac.kr Abstract Collaboration services have been receiving a great deal of attention for personal users in cloud computing. However, collaboration services have a lot of problems in terms of privacy and security. When a user accesses a cloud computing service, the cloud service provider can easily obtain and collect personal information without permission from the user. Therefore, to solve this problem, we define the requirements of personal cloud Access Control (AC) and propose an AC framework based on the personal cloud service reference model. 1. Introduction Keywords: Personal Cloud Security, Cloud Access Control Currently, many personal cloud services are provided by global IT companies, and cloud computing services have been garnered a great deal of attention for personal users. Personal users have been increasingly utilizing cloud services, and problems related to user privacy have increased accordingly. Cloud service providers offer convenient services to individual users; however, they can also easily obtain and collect personal information without permission from users. Therefore, we need privacy protection in Cloud computing services and their security frameworks to conceal user information from cloud service providers. The personal cloud is a popular concept these days. It describes a user-centric service model of cloud computing with which a user is able to access their personal contents and services anytime, anywhere and with any device [1, 2 and 5]. The Personal Cloud can be divided into three categories: Online Storage, WebTop, and Web-based Applications [1]. Each of these frees up resources, either in terms of processing power, as in the case of Web-based applications, or in the case of an Internet-based desktop (known as WebTop), where any computer with an Internet connection can become our personal computer via a Web browser. Ÿ Online Storage gives users a reliable and secure place to store user data such as documents, MP3s, or movies. The user is able to access their personal storage wherever there is an Internet connection using whatever device the user has. Ÿ Web-Based Applications such as Google docs are another very recent advance in personal cloud computing. Hosted software applications do not have to be downloaded and installed on user computer or mobile devices. Ÿ WebTop service is slightly different than the two mentioned above, as its goal is to recreate the highly personalized setting of the user s own desktop with an online version that can be accessed anywhere with an Internet connection. For example, when the user is away from her desk, WebTop allows access to the information that was formerly found only on the desktop of the user s own computer, such as contacts, , and files, through a personalized and familiar desktop with synchronization tools. The Personal Cloud must provide integrated storage and management services, because the Personalized Content Service is distributed and managed through each device and web-service. The personalized content service provides an environment for the storage/operation/management of downloaded public contents (e.g. movies, music, dramas, etc.) and management tools and personalized retrieval. The Privacy Service needs to protect personal information that is shared in order to provide services based on individual personal information. It is possible to protect personal information and user personal data (videos, pictures, files, etc.) among users, service providers, and a data auditor through International Journal of Advancements in Computing Technology(IJACT) Volume5, Number13, September

2 double encryption, even if data leakage and loss occurs [2]. In this paper, Section 2 gives an overview of the related existing AC methods. Section 3 defines the requirements and proposes a personal cloud AC framework and use-case. Section 4 analyzes the proposed framework through a comparison with distributed access control. Section 5 concludes the paper. 2. Related Access Control Methods Several researchers have previously addressed the access control issues of cloud computing [9-10]. Personal Cloud AC employs XACML and RBAC based on the Personal Cloud reference model. Also, we need to look into the Distributed Access Control Architecture (DACA) for a performance evaluation. 2.1 XACML extensible Access Control Markup Language (XACML) defines the syntax for a policy language and the semantics for processing those policies. There is also a request and response format to query the policy system, and semantics for determining the applicability of the policies to requests [4]. 2.2 Role-Based Access Control (RBAC) [3] The authors of [3] presented the Role-Based Access Control (RBAC), in which roles are created by the system administrator to represent specific task competencies that determine the resource types and what each role can access. Individual users are assigned to certain roles according to their job functions. Each role is associated with a set of permissions. A many-to-many mapping exists between the users and roles and between roles and permissions. 2.3 A Distributed Access Control Architecture (DACA) for Cloud Computing The distributed access control architecture for multitenant and virtualized environments is based on the principles from security management and software engineering. As shown in Figure 2, this architecture consists of an Access Control Module (ACM, Figure 1), a Virtual Resource Manager (VRM), and a Service-Level Agreement (SLA, Figure 1) [6]. They adopted an XML-based specification due to its compatibility with the emerging standards for cloud systems and security protocols, with the ultimate goal being that the proposed architecture should be interoperable with complementary security protocols for cloud systems [7]. Figure 2. DAC Architecture Figure 1. AC Module and SLA Module 222

3 3. Personal Cloud Access Control 3.1 Requirements of Personal Cloud AC We defined several requirements of Personal Cloud access control of a generic AC model for collaborative environments that should be supported as follows: Ÿ Compatibility with Previous Security Policy: Access control of personal cloud services must be compatible with security policies of existing services, web-services, or cloud services, rather than creating individual service-based security policies Ÿ Establish an Individual Security Policy: Personal cloud service is managed independently by Cloud Service Providers (CSPs). In this sense, each CSP should establish an individual security policy to manage them. Ÿ Cloud Service Collaboration and Inter-Cloud: A user and service should be certified automatically in corresponding services for cloud service collaboration and inter-cloud by the AC model. Ÿ User Privacy Guarantee: The access control model should be able to protect against any violations of privacy in the personal cloud. A CSP manager can violate the user privacy, so the model should support the user privacy protection from the CSP by using a temporary ID. Ÿ 3rd-Party Auditor: The access control model needs a trusted 3rd-party auditor for verification and compliance regarding the collaboration service. Ÿ Access Control based SLA: All of the service providers should ensure an SLA for the QoS based on established access control policies. 3.2 Personal Cloud AC Framework This framework employs a well-known access control scheme such as RBAC, XACML, etc. In this sense, our proposed framework can be adopted by the other existing access control systems. Figure 3 shows the Personal Cloud AC framework, and the descriptions are as follows: Figure 3. Personal Cloud AC Framework Ÿ User (Client) requests service access to CoSP using their own device with personal information. Ÿ Collaboration Service Provider (CoSP) provides user authentication by the 3rd party SP. - Policy Enforcement Point (PEP): With the service access request, the PEP verifies 223

4 credentials from the 3rd party SP regarding user authentication in accordance with the user s service information. Then the credential verification publishes an access token based on the service information and authority. Ÿ The Cloud Service Provider (CSP) is composed of PDP, PIP, and PAP, which are described as follows, and it is able to generate, determine, store and delete the security policy. - Policy Decision Point (PDP) requests access policy and user role information in order to verify authority. The permission check module compares the access control list, user role and access policy, and then decides permission. - Policy Information Point (PIP) stores security policy-related cloud service and user permission in each service. - Policy Administration Point (PAP) manages security policy and policy list. Ÿ The 3rd-Party Service Provider (SP) is in charge of user authentication and audit concerns for all service providers. 3.3 Use-case of the Personal Cloud AC Framework The proposed Personal Cloud AC Framework is not only supported in the single cloud provider, but also multiple cloud providers. Also, this framework is designed to focus on the collaboration contents service, so we need to examine cases of the Personal Cloud AC Framework in multiple cloud provider environments. Figure 4. Use-cases of the Personal Cloud AC Framework Figure 4 depicts two scenarios in which a user requests access to the service. Scenario (A) shows one access token including two authorizations for collaboration services. It must delegate the authorization and services. In scenario (B), the user requests access to both services at once. This scenario needs to merge both services in the CoSP. 4. Performance Analysis Table 1. Access Control System Parameters and Costs Notation Meaning Cost N U Req PEP Proc ED Trans PDP Proc DE Trans DD Trans C T # of CSP Packet Cost of user request for service Processing Cost for processing user request in PEP Transmit Cost between PEP and PDP Processing Cost for processing user request in PDP Transmit Cost between PDP and PEP Transmit Cost between PDP1 and PDP2 Total Cost

5 We compared the performance of the DACA and the Personal cloud Access Control Framework (PACF) with scenarios A and B. As shown in Table 1, we defined the access control system parameters and the benchmark costs of the PEP and PDP processing [8]. Practically, the DACA is not designed for the authentication process. Therefore, the performance analysis is focused on a comparison of the policy process costs. Also, we assume that all of the transmit costs and U Req are 0.001, and we exclude the SLA module and the authentication process DACA workflow The DACA has PEP and PDP in a Cloud Service Provider (CSP). The DACA sequence diagram is shown in Figure 5 based on the Access Control Module (ACM). Figure 5. Sequence Diagram of DACA As shown in Figure 5, if the user requests authorization to access N CSPs, the DACA needs authorization from each CSP. Therefore, the total cost, C T_DACA, is calculated as follows: _ = (1) So, _ = + ( ) (2) 4.2. Workflow of PACF (A) The PACF consists of PEP in the CoSP, a 3 rd Party in the outsource, and PDP in the CSP. The PEP is conducted in the CoSP, and is independent from a CSP. If an authorization is requested for multiple services, PEP generates the access token for accessing multiple services and then transfers the access token to the first PDP in CSP1. The first PDP checks permission and then transfers the second PDP. In this case (A), PEP generates one access token and provides successive authorization as follows: 225

6 Figure 6. Sequence Diagram of (A) The total cost of (A) of the PACF, CT_PACF_A, is calculated as follows: _ _ = (3) So, _ _ = ( + )+ (4) 4.3. Workflow of PACF (B) PACF (B) shows the case in which there are authorization requests for multiple services at once, in which case the PEP generates N access tokens and then transmits the access tokens to each PDP in the CSPs. Each PDP checks the permissions individually as follows: Figure 7. Sequence Diagram of (B) The total cost of (B) of the PACF, CT_PACF_B, is calculated as follows: _ _ = (5) So, _ _ = + + ( + ) (6) 4.4. Performance Analysis We compared DACA, PACF_A and PACF_B in Figure

7 Figure 8. Performance for Cost Analysis As shown in Figure 8, even though the DACA is similar to other scenarios in a single cloud environment, the cost is increased when the number of CSPs increases. However, the cost of PACFAB is increased less when the number of CSPs increases. This proves through a cost analysis that PACF is appropriate when providing collaboration services. 5. Conclusion In this paper, we designed an access control framework based on user requirements considering a personal cloud environment and cloud collaboration services. The personal cloud must be considered privacy and security for individual users. However, many previous studies have not focused on this area, and many questions remain unanswered. The contributions of this paper are three-fold. First, we propose Personal Cloud Access Control based on XACML. According to this concept, the Personal Cloud Access Control almost supports the access control system based on XACML. The proposed access control is focused on compatibility with the existing access control systems. Second, our proposed model offers independent management of the cloud service provider and flexible expandability through the division between PEP and PDP (including PIP and PAP). Finally, this framework supports user-centric collaboration services using an access token process. In the future, we will design more detailed authentication and authorization components. Also, we will make improvements to adapt our framework to more practical cloud environments. 6. Acknowledgements This work was supported by the IT R&D program of MKE/KEIT [ , Terminal Independent Personal Cloud System]. The Corresponding Author is Eui-Nam Huh. 7. References [1] Jose Rivera, Cloud Computing for Personal Use, The Epoch Times, [2] Eui-Nam Huh, Definition and Requirement Analysis of Personal Cloud Service, TTA Standard of Korea, [3] Sandhu, R.S. Coyne, E.J, Role-Based Access Control Models, IEEE Computer (IEEE Press), vol 29, no 2, pp , [4] R. Yavatkar, D. Pendarakis, R. Guerin, A Framework for Policy-based Admission Control, IETF Standard, RFC 2753,

8 [5] Sang-ho Na, Jun-young Park, Eui-nam Huh, Personal Cloud Computing Security Framework, IEEE APSCC 2010, , pp [6] Almutairi, A. Sarfraz, M., A Distributed Access Control Architecture for Cloud Computing, IEEE Software, vol 29, no 2, , pp [7] R. Bhatti, E. Bertino, and A. Ghafoor, X- Federate: A Policy Engineering Framework for Federated Access Management, IEEE Trans. Software Eng., vol. 32, no. 5, 2006, pp [8] Adam Bates, Ben Mood, Towards secure provenance-based access control in cloud environments, ACM CODASPY '13, , pp [9] D. Nurmi, R Wolski, The Eucalyptus Open-Source Cloud-Computing System, Proc. 9th IEEE/ACM Int l Symp. Cluster Computing and the Grid (CCGRID 09), IEEE CS, 2009, pp [10] S. Berger, Pendarakis D., Security for the Cloud Infrastructure: Trusted Virtual Data Center Implementation, IBM J. Research and Development, vol. 53, no. 4, 2009, pp