Go to DBLP homepageAccess control in a distributed micro-cloud environment
Abstract: Proliferation of systems that generate enormous amounts of data and operate in real time has led researchers to rethink the current organization of the cloud. Many proposed solutions consist of a number of small data centers in the vicinity of data sources. That creates a highly complex environment, where strict access control is essential. Recommended access control models frequently belong to the Attribute-Based Access Control (ABAC) family. Flexibility and dynamic nature of these models come at the cost of high policy management complexity. In this paper, we explore whether the administrative overhead can be lowered with resource hierarchies. We propose an ABAC model that incorporates user and object hierarchies. We develop a policy engine that supports the model and present a distributed cloud use case. Findings in this paper suggest that resource hierarchies simplify the administration of ABAC models, which is a necessary step towards their further inclusion in real-world systems.
Loading