2. Context
“Any information that can be used to characterize the situation of
an entity (person, place, or object) that is considered relevant to
the interaction between a user and an application, including the
user and applications themselves” (Abowd, et al., 1999; Dey, 2001)
PaaSword18/11/2016 2
3. Challenges
Access control models & Context
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Attribute Based Access Control (ABAC)
ABAC provides the appropriate flexibility that is highly desired
in the heterogeneous cloud computing domain
Context is of utmost importance in the inherently
heterogeneous and dynamic cloud environments
4. Context-aware Security Model
A model for semantically describing the knowledge that lurks
behind security policies
This model constitutes the background knowledge for code
annotations
It comprises two dimensions, related to
dynamic security controls
static security controls
8. Inferencing based on Property Transitivity
Rule
If (Subject isLocatedIn SouthEurope)
Then Permit Access…
Facts
RequestorX isA Subject
RequestorX isLocatedIn Athens
Athens isLocatedIn Greece
Greece isLocatedIn SouthEurope
Inferred Facts
Athens isLocatedIn SouthEurope
RequestorX isLocatedIn Greece
RequestorX isLocatedIn SouthEurope
Decision
Access Request Permitted
[Figure: location ontology used for the inference above]
Classes: PhysicalLocation; Area (isLocatedIn: Area); City (isLocatedIn: Area); Subject (isLocatedIn: PhysicalLocation)
Instances: North Europe; Central Europe; South Europe; Netherlands (isLocatedIn: North Europe); Greece (isLocatedIn: South Europe); Amsterdam (isLocatedIn: Netherlands); Athens (isLocatedIn: Greece)
Edge types: <<Instanceof>>, <<subclassof>>, <<isLocatedIn>>
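The inference on this slide, as an added example that is not part of the original slides or of the PaaSword code base: a fixed-point transitive closure over the isLocatedIn facts, followed by the rule check. The function names, the subject "RequestorY" and the Deny result for a non-matching request are assumptions of this sketch.

```python
# Facts from the slide; entries marked "constructed" are added for the
# non-matching case and do not appear on the slide.
IS_LOCATED_IN = {
    ("RequestorX", "Athens"),
    ("Athens", "Greece"),
    ("Greece", "SouthEurope"),
    ("RequestorY", "Amsterdam"),   # constructed
    ("Amsterdam", "Netherlands"),
    ("Netherlands", "NorthEurope"),
}
SUBJECTS = {"RequestorX", "RequestorY"}   # "X isA Subject" facts


def transitive_closure(pairs):
    """Return pairs plus every (a, c) implied by (a, b) and (b, c).

    Iterates to a fixed point, so it also terminates on cyclic facts.
    """
    closure = set(pairs)
    while True:
        new = {(a, d) for (a, b) in closure for (c, d) in closure if b == c}
        if new <= closure:
            return closure
        closure |= new


def inferred_facts(pairs):
    """Facts that hold only because isLocatedIn is transitive."""
    return transitive_closure(pairs) - set(pairs)


def decide(requestor, required_area, pairs=IS_LOCATED_IN, subjects=SUBJECTS):
    """Rule: If (Subject isLocatedIn required_area) Then Permit.

    Anything that does not match is denied (assumption of this sketch).
    """
    if requestor not in subjects:
        return "Deny"
    located = (requestor, required_area) in transitive_closure(pairs)
    return "Permit" if located else "Deny"


if __name__ == "__main__":
    for fact in sorted(inferred_facts(IS_LOCATED_IN)):
        print("inferred: %s isLocatedIn %s" % fact)
    print("RequestorX:", decide("RequestorX", "SouthEurope"))
    print("RequestorY:", decide("RequestorY", "SouthEurope"))
```

Every Permit here rests on asserted triples, so the decision is only as trustworthy as the source of the isLocatedIn facts.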