Agent-Based Cloud Broker Architecture for Distributed Access Control

Manoj V. Thomas (1) and Chandra Sekaran K.
Department of Computer Science and Engineering, NITK, Surathkal, Mangalore 575 025, India.
e-mail: (1) manojkurissinkal@gmail.com
(1) Corresponding author.
K. R. Venugopal and L. M. Patnaik (Eds.), ICCN 2013, pp. 189-197. Elsevier Publications 2013.

Abstract. Cloud computing is an emerging paradigm in distributed computing in which users access various services and shared resources hosted by service providers in order to get their tasks done efficiently. Authentication and authorization are the two important functions to be performed in the context of cloud computing, to make sure that unauthorized users do not access the distributed system components. In this paper, we analyse the issue of distributed access control, discussing the various approaches already adopted in this area and considering their advantages and disadvantages. We propose an agent-based cloud broker architecture with computational intelligence for mediating the access requests of cloud customers, considering the present day requirements of the cloud computing paradigm. We also give the workflow model for the proposed agent-based cloud broker architecture. A few open issues in the area of distributed access control are also discussed.

Keywords: access control, agents, authentication, authorization, cloud computing.

1. Introduction

1.1 Distributed Access Control

In Cloud Computing or Services Computing, users access various resources or services after verification of their identity by the service provider. In open service-oriented systems, the service providers and the service consumers are in many cases strangers. Since they have no pre-established trust value between them, the service provider must be able to authenticate unfamiliar users and then determine whether the requestors have enough privileges to access the requested services. Trust establishment between consumers, Service Providers and Identity Providers also assumes very high importance in the current scenario.

As the development of the internet is very fast, there are increasing demands to support cooperation among distributed, heterogeneous, and autonomous organizations, highlighting the need to develop an efficient access control model to facilitate cooperation or collaboration in such a distributed environment. In open distributed systems, secure authentication and authorization processes are required before access privileges are granted to the users. The issue of access control in collaborative, distributed, cooperative environments like cloud computing, where various users access the resources and services with different access rights, is called distributed access control. Various users have different access rights towards the available resources in the system, which need to be concisely specified and correctly enforced. Access control deals with the specification and enforcement of users' access permissions and access restrictions relative to the resources of a system.

1.2 Agent-based computing

Agents are normally autonomous programs which can interact with the environment and act upon it to achieve their tasks [1]. An intelligent agent can perform flexible autonomous actions to meet its design objectives. A multi-agent system involves multiple interacting software components known as agents, which can cooperatively solve problems that are beyond the capabilities of any individual entity. Agents are characterized by certain unique properties that distinguish them from standard programs. The mandatory properties [1] of agents are:
1. Autonomy
2. Decision Making
3. Temporal Continuity
4. Goal Oriented

Agents are further characterised by the following orthogonal properties [1]:
1. Mobility
2. Communicative
3. Collaborative
4. Learning

The main advantages of agent-based systems are [2]:
1. Reduce the network load
2. Minimize the network latency
3. Execute in asynchronous and autonomous mode
4. Adapt dynamically
5. Robust and fault tolerant

Because of the inherent properties of cloud computing and agent-based systems, and because of the advantages of an agent-based approach, combining the two paradigms so that the access requests of cloud customers are mediated through agents would be an efficient and secure approach.

The rest of the paper is organized as follows: Section 2 describes the work done in the area of distributed access control, highlighting the advantages and disadvantages of the various approaches. Section 3 presents an agent-based cloud broker architecture for mediating the access control requests of users, taking into account the current issues and present day requirements. Section 4 discusses the workflow model for the proposed access control architecture. Section 5 presents the analysis and results, mentioning a few open issues in this area, and Section 6 concludes the paper.

2. Work Done in the Area

Many researchers have been working in the area of access control, and some of the works carried out by them are summarised below. The work carried out in [3] presents an attribute and role based access control (ARBAC) model. Before invoking services, requestors provide their attribute information to the service providers. In this work, an access negotiation mechanism is not added to the ARBAC model. [4] presents an object-oriented RBAC model (ORBAC), on the basis of which multiple-domain access control is obtained. A method is presented to prevent the problem of separation of duty. In the work carried out in [5], a unified hierarchy is derived starting from an access relation between users and resources, which is used to specify the access relation that allows user
queries. But this scheme does not consider the dynamics of access control (when users and resources are added and removed and when access rights change) or the specification of negative access relations in distributed systems. In [6], a method for managing security policies using XML and role based access control is presented, and a role-based access control model for web-based applications (ORBAC) is introduced. In [7], the design and development of a domain-based access control infrastructure for distributed collaborative environments is introduced, along with the concept of a virtual laboratory (VL). How to enforce access control on the numerous users who are not defined in the system in a distributed computing environment is discussed in the work carried out in [8], where a trust representation and reasoning model using fuzzy set theory is proposed. In [9], the proposed scheme cryptographically provides role-based access control and delegation based on Hierarchical Identity-Based Signature (IBS); algorithms for the role based access control and delegation scheme are proposed in this work. In the work carried out in [10], dynamic access control models have been proposed for distributed dynamic environments where the users (or agents) may not have a static role. In the Dynamic Event-Based Access Control (DEBAC) model, as well as in the Action-Status Access Control (ASAC) model, the users' access rights vary depending on the history of events involving the user. In [11], a Trust and Context based Access Control (TCAC) model, extending the RBAC model, is proposed for open and distributed systems: when the trust value of the requester is not less than the trust threshold defined by the system policies, the user is assigned to some roles. In [12], an access control model based on credibility is proposed. In open distributed systems, the access-control policy in the server changes quickly.

The service providers adjust the threshold value of credibility and the weight factor instead of changing policies in the server. The service providers register their threshold value of trust on the servers; if a requestor's trustworthiness reaches this value in the server, access to the service provider is made possible. The authors in [13] put forward an access control model based on roles and trust values of subjects and objects; in this work, the RBAC model is extended by adding a trust factor. In the work carried out in [14], the authors present a framework for the verification of run-time constraints and security properties for RBAC systems, considering the dynamic behavior of users during an active session; temporal and location based decision parameters are considered. [15] describes a Role-Based Access Control (RBAC) mechanism for distributed High Performance Computing (HPC) systems where both users and resources can be dynamic and can belong to multiple organizations, each with its own diverse security policies and mechanisms. In [16], the authors discuss the issue of identity management in the cloud computing scenario; loss of control, lack of trust and multitenancy issues are identified as major problems in the present cloud computing model. The work mentioned in [17] proposes a solution for access control using trust management and the agent concept that could be applied to distributed information systems. The present day cloud computing paradigm is highly dynamic and the trust values between various cooperating domains change from time to time; these dynamic aspects of security and access control in cloud computing are not taken care of. In [18], the authors present a security agent-based approach for the authorization aspects in the distributed environment, in which security agents are used to manage the privileges for distributed authorization. This work also does not consider the dynamic nature of access control. A distributed access control architecture based on the concept of distributed, active authorization entities is proposed in [19]. This also lacks dynamic trust management and security policy conflict management when various users in the organization access the cloud resources at the same time.

Figure 1. Agent-Based cloud broker architecture.

3. Agent-Based Cloud Broker Architecture for the Distributed Access Control

In the light of the literature review carried out by us, we propose an architecture for the Agent-Based Cloud Broker (ABCB) for distributed access control, as shown in Figure 1. The main components of the proposed model are:
1) Cloud Service Consumer (CSC)
2) Agent Based Cloud Broker (ABCB)
3) Cloud Service Provider (CSP)
4) Identity Provider (IdP)

3.1 Cloud service consumer (CSC)

Cloud Service Consumers are the entities requesting resources or services from the Cloud Service Providers (CSPs). The CSCs need to be properly authenticated in order to ensure that unauthorized users do not access the services hosted by the CSPs.

3.2 Agent-based cloud broker (ABCB)

The ABCB mediates the access requests initiated by the cloud consumers. The main modules of the Agent-Based Cloud Broker (ABCB) are:

3.2.1 Trust provider (TP)

In a multi-domain environment like cloud computing, trust needs to be established between the cloud service provider and the service consumers, and also between the providers of the various services and the identity providers. The Trust Provider module calculates the dynamic trust value of the entity concerned (e.g. a Service Provider), considering parameters such as the past behavior and the history of previous transactions with the same service provider, and also the trust values or information about the entity obtained from Trusted Third Parties.
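The following is an added example of how a Trust Provider module can compute the dynamic trust value just described; it is not code from the paper. The paper names the two inputs (own transaction history and Trusted Third Party reports) but gives no formula, so the time-decayed blend, the half-life of one week, the 0.6 weighting of own experience, and all sample data are assumptions introduced here for illustration.

```python
"""Dynamic trust computation for a Trust Provider (TP) module.

Added example for this article; it is not code from the paper. The paper
names the inputs (own transaction history, Trusted Third Party reports)
but gives no formula, so the time-decayed blend below is an assumption.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Transaction:
    """One past interaction with an entity: when it happened and how it went."""
    at: float        # time in seconds (assumed unit)
    outcome: float   # 1.0 = fully satisfactory, 0.0 = failed or misbehaved


@dataclass
class TtpReport:
    """Reputation value for the entity as supplied by a Trusted Third Party."""
    value: float       # reputation in [0, 1]
    ttp_trust: float   # how far the TP trusts this TTP itself, in [0, 1]


@dataclass
class TrustProvider:
    half_life: float = 7 * 86400.0   # a transaction's weight halves every week (assumption)
    direct_weight: float = 0.6       # share of own experience vs. TTP reports (assumption)
    history: Dict[str, List[Transaction]] = field(default_factory=dict)

    def record(self, entity: str, tx: Transaction) -> None:
        self.history.setdefault(entity, []).append(tx)

    def direct_trust(self, entity: str, now: float) -> Optional[float]:
        """Time-decayed average of past outcomes; None when there is no history."""
        txs = self.history.get(entity, [])
        if not txs:
            return None
        weights = [0.5 ** ((now - tx.at) / self.half_life) for tx in txs]
        return sum(w * tx.outcome for w, tx in zip(weights, txs)) / sum(weights)

    @staticmethod
    def indirect_trust(reports: List[TtpReport]) -> Optional[float]:
        """TTP reputation values weighted by how much each TTP is trusted."""
        total = sum(r.ttp_trust for r in reports)
        if total == 0:
            return None
        return sum(r.value * r.ttp_trust for r in reports) / total

    def trust(self, entity: str, reports: List[TtpReport], now: float) -> float:
        """Dynamic trust value in [0, 1]; recomputed on every call so it tracks new evidence."""
        direct = self.direct_trust(entity, now)
        indirect = self.indirect_trust(reports)
        if direct is None and indirect is None:
            return 0.0   # unknown entity with no reputation: lowest trust, never a default pass
        if direct is None:
            return indirect
        if indirect is None:
            return direct
        return self.direct_weight * direct + (1 - self.direct_weight) * indirect

    def meets_threshold(self, entity: str, reports: List[TtpReport],
                        now: float, threshold: float) -> bool:
        """Threshold gate of the kind used by trust-based models such as TCAC [11]."""
        return self.trust(entity, reports, now) >= threshold


def sample_provider():
    """Constructed sample data: one CSP with three past transactions and two TTP reports."""
    now = 1_000_000.0
    week = 7 * 86400.0
    tp = TrustProvider()
    tp.record("csp-A", Transaction(at=now, outcome=1.0))             # weight 1.0
    tp.record("csp-A", Transaction(at=now - week, outcome=1.0))      # weight 0.5
    tp.record("csp-A", Transaction(at=now - 2 * week, outcome=0.0))  # weight 0.25
    reports = [TtpReport(value=0.9, ttp_trust=1.0), TtpReport(value=0.5, ttp_trust=0.5)]
    return tp, reports, now


if __name__ == "__main__":
    tp, reports, now = sample_provider()
    print(f"trust(csp-A) = {tp.trust('csp-A', reports, now):.4f}")
```

Two design points worth noting: an entity with neither history nor reputation gets trust 0.0 rather than some neutral default, so an unknown provider cannot pass a threshold by default; and the most recent transactions dominate because of the decay, which is what makes the value dynamic in the paper's sense.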
3.2.2 User profiling (UP)

This module of the ABCB collects, processes and stores the details of the cloud users, such as identity information, preferences and contact details. This information can be used by the agent for further interaction with other components in the system with minimal user-agent interaction or user interference.

3.2.3 Access request analyzer (ARA)

This module handles the access control requirements generated when CSCs try to access some service from a service provider. It analyses the request type, the resource required, etc. and communicates with the Task Identification module.

3.2.4 Tasks identification (TI)

This module identifies tasks such as communicating with the Identity Provider, initiating the access request to the chosen CSP, and mediating Identification, Authentication and Authorization with the CSP on behalf of the user. This activity may take information stored internally (the user's identification data or preferences) or from the outside environment (any feedback data from other agents or entities in the system).

3.2.5 Identity provider selector (IdPS)

The selection of a particular Identity Provider (IdP) among the available ones can be based on parameters such as:
1) the type of the service requested (the provider details, its authentication and authorization mechanism);
2) the security and privacy concerns of the cloud user regarding the degree of disclosure of his identity credentials, such as partial or full disclosure of Personally Identifiable Information (PII).

3.2.6 Learning, autonomy and workflow management (LAWM)

This module helps the agent improve its knowledge base so that it can act with minimal interaction with the human users in mediating the access control requests.

3.3 Cloud service providers (CSPs)

The Cloud Service Provider provides the required services or resources to the various requesting users. Before providing services, the users need to be authenticated and their access rights verified so that illegal or unauthorized access can be avoided. The main modules of the Cloud Service Provider (CSP) are:

3.3.1 Authentication (AuthN)

This module verifies the identity of the requesting user by interacting with the Identity Provider using SAML assertions. The CSP can have many IdPs in its trusted domain. The CSP and the CSC agree on a particular IdP for interaction between them.
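The following is an added example of the checks a CSP Authentication module must perform on a security token it receives from the broker before trusting the subject; it is not code from the paper. Real deployments use SAML assertions with XML signatures; to keep the example self-contained the assertion is a JSON document signed with HMAC-SHA256 under a key the CSP holds for each trusted IdP, which stands in for the IdP's signing key and is an assumption. The entity identifiers, the key material and the validity times are constructed sample values.

```python
"""Security token verification for a CSP Authentication (AuthN) module.

Added example; not code from the paper. SAML assertions with XML signatures
are replaced by a JSON body signed with HMAC-SHA256 under a per-IdP key
(assumption), so that the example runs offline. The checks themselves
(trusted issuer, signature, audience, validity window, one-time use) are the
ones every assertion consumer has to make.
"""
import base64
import hashlib
import hmac
import json
import secrets

# Constructed IdP keys known to the CSP; in practice they come from the IdP's metadata.
TRUSTED_IDPS = {
    "idp.example-federation.test": b"constructed-shared-secret-for-idp-1",
}
CSP_ENTITY_ID = "csp.example-cloud.test"


def issue_assertion(issuer, key, subject, audience, not_before, not_on_or_after):
    """IdP side: sign an assertion. The random id lets the CSP detect replay."""
    body = {
        "id": secrets.token_hex(8),
        "issuer": issuer,
        "subject": subject,
        "audience": audience,
        "not_before": not_before,
        "not_on_or_after": not_on_or_after,
    }
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())


class AssertionVerifier:
    """CSP side: every property is verified before the subject is trusted."""

    def __init__(self, trusted_idps, entity_id):
        self.trusted_idps = trusted_idps
        self.entity_id = entity_id
        self.seen_ids = set()   # assertion ids already consumed (replay protection)

    def verify(self, token, now):
        """Returns (subject, None) on success or (None, reason) on failure."""
        try:
            payload_b64, sig_b64 = token.split(".")
            payload = base64.urlsafe_b64decode(payload_b64)
            sig = base64.urlsafe_b64decode(sig_b64)
            body = json.loads(payload)
        except (ValueError, TypeError):
            return None, "malformed token"
        if not isinstance(body, dict):
            return None, "malformed token"
        issuer = body.get("issuer")
        key = self.trusted_idps.get(issuer) if isinstance(issuer, str) else None
        if key is None:
            return None, "issuer not trusted"
        # Signature is checked before any other field is believed.
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):   # constant-time comparison
            return None, "bad signature"
        if body.get("audience") != self.entity_id:
            return None, "audience mismatch"
        nb, na = body.get("not_before"), body.get("not_on_or_after")
        if not (isinstance(nb, (int, float)) and isinstance(na, (int, float)) and nb <= now < na):
            return None, "outside validity window"
        aid = body.get("id")
        if not isinstance(aid, str):
            return None, "missing assertion id"
        if aid in self.seen_ids:
            return None, "replayed assertion"
        self.seen_ids.add(aid)
        return body.get("subject"), None


if __name__ == "__main__":
    idp = "idp.example-federation.test"
    tok = issue_assertion(idp, TRUSTED_IDPS[idp], "alice@consumer.test", CSP_ENTITY_ID, 100, 400)
    print(AssertionVerifier(TRUSTED_IDPS, CSP_ENTITY_ID).verify(tok, now=200))
```

The ordering matters: the issuer is looked up only to select a key, the signature is verified before any other claim is read, and the assertion id is recorded only after every other check passes, so a rejected token does not consume an id.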
3.3.2 Authorization (AuthZ)

This module verifies the privileges of each requestor (CSC). The Policy Decision Point (PDP) interacts with the policy storage database stored locally with the CSP. The PDP also interacts with the Policy Conflict Manager (PCM) module. The PDP is to be implemented with a break-glass mechanism to allow emergency cases of accessing the resources. The decision taken by the PDP is implemented by the Policy Enforcement Point (PEP).

3.3.3 Policy conflict manager (PCM)

Events of possible policy conflicts, arising out of the various access requirements made by different users in the organization at the same time, are handled by this module.

3.3.4 Identity provider selector (IdPS)

The Identity Provider Selector module on the CSP selects the trusted IdPs in its domain. The IdPS interacts with the Trust Provider module to get the current trust value of the various IdPs.

3.3.5 Trust provider (TP)

The Trust Provider module on the service provider side monitors the trust value of the various service consumers based on factors such as previous experience with the customers and the current reputation value collected from the Trusted Third Parties. This module also calculates the trust information concerning the various Identity Providers. This trust calculation should be dynamic because the trust value can change from time to time.

3.4 Identity provider (IdP)

In service computing, a user or an organization may subscribe to services from multiple service providers. The organization can also integrate the individual services from various cloud service providers and provide the final combined service to its customers. The users in a cloud federation don't need to use separate credentials for each cloud service provider or service they subscribe to; instead, they can have the identity issued by the Identity Provider (Ping Identity, Symplified etc.). They can submit the security tokens (normally SAML assertions) issued by the identity provider to the service providers in the cloud federation. This is both efficient and secure, and relieves the users of the multiple credentials problem when accessing services from multiple cloud service providers.

4. Workflow Model for the Agent-Based Cloud Broker Architecture

The workflow for the distributed access control is shown in Figure 2.

Figure 2. Workflow model for the distributed access control.

As shown in the figure, the various steps performed by the ABCB and the CSPs in this workflow are:
(i) The Cloud Service Consumer (CSC) wants to access the service hosted by the Cloud Service Provider (CSP), and the Agent-Based Cloud Broker (ABCB) mediates the access control request.
(ii) The dynamic trust value of the CSP is calculated by the agent based on the previous transactions and the information provided by the Trusted Third Parties.
(iii) The agent performs the access request analysis and the tasks to be performed are identified.
(iv) The Cloud Service Provider (CSP) selects the IdPs by calculating the trust values of the various IdPs, based on the previous history of interaction and the trust or reputation value provided by other trusted entities.
(v) The agent interacts with the CSP to decide the IdP based on the type of service request and the security preferences.
(vi) The agent interacts with the IdP to get the security tokens (SAML assertions).
(vii) The agent then interacts with the CSP using the tokens given by the IdP.
(viii) The CSP verifies the tokens submitted by the agent by interacting with the IdP.
(ix) The authorization request is handled by the PEP and PDP.
(x) The PDP decides whether the request can be granted, considering issues such as policy conflict management, dynamic trust management of the agent and the proper break-glass mechanism for granting privileges.
(xi) If the request can be granted, the CSC is given access to the services requested; otherwise access is denied.

5. Analysis and Results

We have adopted the agent-based system for mediating distributed access control in the cloud computing scenario because of the salient features and advantages it offers. It is seen that the establishment of a dynamic trust relationship between user domains and cloud domains, and between various cloud domains, is an important issue to be considered for active research. Privacy protection in the consumer cloud has potential for further research.
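The following is an added example of the authorization decision of workflow steps (ix) to (xi), combining the PDP, PCM and PEP modules of Sections 3.3.2 and 3.3.3 with the trust threshold and break-glass mechanism named in step (x); it is not code from the paper. The rule format, the deny-overrides conflict rule, the requirement that break-glass be restricted to designated roles with a recorded justification, and the sample policy are all assumptions made here to show the decision flow; the paper names the components but does not specify them.

```python
"""PDP / PCM / PEP decision flow for a CSP Authorization module.

Added example; not code from the paper. The policy format, the deny-overrides
conflict resolution, the trust threshold gate and the audited break-glass
override are assumptions chosen to illustrate the flow the paper describes.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List


@dataclass(frozen=True)
class Rule:
    role: str        # subject role the rule applies to ("*" = any role)
    resource: str
    action: str      # e.g. "read", "write"
    effect: str      # "permit" or "deny"


@dataclass
class Request:
    subject: str
    roles: FrozenSet[str]
    resource: str
    action: str
    trust: float                # dynamic trust value of the requesting agent (from the TP)
    break_glass: bool = False   # emergency override requested
    justification: str = ""


@dataclass
class Decision:
    permit: bool
    reason: str


@dataclass
class PolicyDecisionPoint:
    rules: List[Rule]
    trust_threshold: float
    emergency_roles: FrozenSet[str]   # roles allowed to invoke break-glass
    audit_log: list = field(default_factory=list)

    def applicable(self, req: Request) -> List[Rule]:
        return [r for r in self.rules
                if (r.role == "*" or r.role in req.roles)
                and r.resource == req.resource and r.action == req.action]

    @staticmethod
    def resolve_conflict(rules: List[Rule]) -> str:
        """PCM function: deny-overrides, so one deny wins over any number of permits."""
        effects = {r.effect for r in rules}
        if "deny" in effects:
            return "deny"
        if "permit" in effects:
            return "permit"
        return "not_applicable"

    def decide(self, req: Request) -> Decision:
        # Trust gate first: an agent below the threshold gets nothing, break-glass included.
        if req.trust < self.trust_threshold:
            return Decision(False, "trust below threshold")
        outcome = self.resolve_conflict(self.applicable(req))
        if outcome == "permit":
            return Decision(True, "permitted by policy")
        if req.break_glass:
            return self.break_glass(req, outcome)
        return Decision(False, "policy outcome: " + outcome)

    def break_glass(self, req: Request, normal_outcome: str) -> Decision:
        """Emergency override: only for designated roles, never silent, always audited."""
        if not (req.roles & self.emergency_roles):
            return Decision(False, "break-glass not allowed for subject's roles")
        if not req.justification.strip():
            return Decision(False, "break-glass requires a justification")
        self.audit_log.append({
            "subject": req.subject, "resource": req.resource, "action": req.action,
            "normal_outcome": normal_outcome, "justification": req.justification,
        })
        return Decision(True, "break-glass override (audited)")


class PolicyEnforcementPoint:
    """Enforces whatever the PDP decided; holds no policy logic of its own."""

    def __init__(self, pdp: PolicyDecisionPoint):
        self.pdp = pdp

    def handle(self, req: Request) -> str:
        d = self.pdp.decide(req)
        return ("ACCESS GRANTED: " if d.permit else "ACCESS DENIED: ") + d.reason


def sample_pdp() -> PolicyDecisionPoint:
    """Constructed sample policy: a record readable by doctors, writable by nobody by default."""
    rules = [
        Rule("doctor", "patient-record", "read", "permit"),
        Rule("*", "patient-record", "write", "deny"),
        Rule("admin", "patient-record", "write", "permit"),   # conflicts with the deny above
    ]
    return PolicyDecisionPoint(rules, trust_threshold=0.5, emergency_roles=frozenset({"doctor"}))
```

Because the PEP only relays the PDP's decision, every path that grants access leaves either a matching permit rule or an audit record behind, which is what makes a break-glass override reviewable after the emergency.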
Also, based on the analysis done, we can see that most of the research works do not give proper solutions for solving policy conflicts in the cloud scenario, which needs to be further explored. In addition, an effective break-glass mechanism should be incorporated in the authorization process to handle the emergency access requirements of cloud consumers. The agent-based architecture has enough potential for further research as far as a reliable and scalable access control mechanism in cloud computing is considered.

6. Conclusion

In this paper, the issue of distributed access control is discussed and the various approaches are analyzed, mentioning their advantages and drawbacks. Distributed Access Control is an important issue in the domain of distributed applications. It is evident that there is no single efficient solution for distributed access control meeting the needs of present day distributed applications, which entails further research in this direction. In this paper, we have proposed an agent-based cloud broker architecture for mediating the access requests of various cloud users in cloud computing, by considering the requirements of the present cloud computing paradigm. The workflow model for the proposed Agent-Based Distributed Access Control architecture is also explained. A few open issues for further research in the area of distributed access control are also discussed.

References

[1] Manvi, S. S. and Venkataram, P.: Applications of Agent Technology in Communications: A Review. Computer Communications, 27, 1493-1508 (2004).
[2] Danny B. Lange and Mitsuru Oshima: Dispatch Your Agents; Shut Off Your Machine. Communications of the ACM, 42(3), 88-89 (1999).
[3] Yonghe Wei, Chunjing Shi and Weiping Shao: An Attribute and Role Based Access Control Model for Service-Oriented Environment. In Chinese Control and Decision Conference, 4451-4455 (2010).
[4] Chang N. Zhang and Cungang Yang: An Object-Oriented RBAC Model for Distributed System. In Working IEEE/IFIP Conference on Software Architecture, 24-32 (2001).
[5] Birget, J. C., Zou, X., Noubir, G. and Ramamurthy, B.: Hierarchy-Based Access Control in Distributed Environments. In IEEE International Conference on Communication, 1, 229-233 (2001).
[6] Cungang Yang and Chang N. Zhang: Designing Secure E-Commerce with Role-based Access Control. In IEEE International Conference on E-Commerce (CEC 03), 0-7695-1969-5/03, 313-319 (2003).
[7] Yuri Demchenko and Cees de Laat: Domain Based Access Control Model for Distributed Collaborative Applications. In Second IEEE International Conference on e-Science and Grid Computing, 24-24 (2006).
[8] Bo Lang, Zhibin Wang and Qingwen Wang: Trust Representation and Reasoning for Access Control in Large Scale Distributed Systems. In 2nd International Conference on Pervasive Computing and Applications, 436-441 (2007).
[9] Jin Wang, Daxing Li, Qiang Li and Bai Xi: Constructing Role-Based Access Control and Delegation Based on Hierarchical IBS. In IFIP International Conference on Network and Parallel Computing Workshops, 112-118 (2007).
[10] Clara Bertolissi and Maribel Fernandez: An Algebraic-Functional Framework for Distributed Access Control. In Third International Conference on Risks and Security of Internet and Systems, 1-8 (2008).
[11] Fujun Feng, Chuang Lin, Dongsheng Peng and Junshan Li: A Trust and Context Based Access Control Model for Distributed Systems. In 10th IEEE International Conference on High Performance Computing and Communications, 629-634 (2008).
[12] Chang Chaowen, Wang Yuqiao and Liu Chen: Analysis and Design of an Access Control Model Based on Credibility. In International Conference on Computer Engineering and Technology, 312-315 (2009).
[13] Lingli Zhao, Shuai Liu, Junsheng Li and Haicheng Xu: A Dynamic Access Control Model Based on Trust. In 2nd Conference on Environmental Science and Information Application Technology, 548-551 (2010).
[14] Fatih Turkmen, Eunjin (EJ) Jung and Bruno Crispo: Towards Run-time Verification in Access Control. In IEEE International Symposium on Policies for Distributed Systems and Networks, 25-32 (2011).
[15] Anil L. Pereira: RBAC for High Performance Computing Systems Integration in Grid Computing and Cloud Computing. In IEEE International Symposium on Parallel & Distributed Processing, 914-921 (2011).
[16] Kumar Gunjan, Sahoo, G. and Tiwari, R. K.: Identity Management in Cloud Computing-A Review. International Journal of Engineering Research and Technology (IJERT), ISSN: 2278-0181, 1(4) (2012).
[17] Kagal, L., Finin, T. and Joshi, A.: Trust-Based Security in Pervasive Computing Environments. Computer, 34(12), 154-157 (2001).
[18] Varadharajan, V., Kumar, N. and Mu, Y.: Security Agent Based Distributed Authorization: An Approach. In 21st National Information Systems Security Conference (NISSC), USA, 315-328 (1998).
[19] Antonopoulos, N., Koukoumpetsos, K. and Shafarenko, A.: Access Control for Agent-based Computing: A Distributed Approach. Internet Research, 11(1), 55-64 (2001).