201. Context-Aware Policy Enforcement for PaaS-Enabled Access Control
- Author
-
Ioannis Patiniotakis, Spyros Mantzouratos, Iraklis Paraskakis, Sebastian Thomas Schork, Ludwig Seitz, Simeon Veloudis, Gregoris Mentzas, Yiannis Verginadis, and Panagiotis Gouvas
- Subjects
Flexibility (engineering) ,Computer Networks and Communications ,business.industry ,Computer science ,XACML ,Cloud computing ,Context (language use) ,Access control ,Business agility ,Computer security ,computer.software_genre ,Computer Science Applications ,Data access ,Hardware and Architecture ,Reference implementation ,business ,computer ,Software ,Information Systems ,computer.programming_language - Abstract
It is generally conceded that, due to security and privacy concerns, enterprises and users are reluctant to embrace the cloud computing paradigm and hence benefit from the cost reductions and the increased flexibility or business agility that this paradigm brings about. These concerns stem mainly from the significantly-expanded attack surfaces that result from the heterogeneous nature of cloud services and the dynamicity inherent in cloud environments. In order to alleviate these concerns, effective and flexible access control approaches are required to consider the contextual parameters that characterise data access requests in the cloud. In this respect, this work presents PaaSword: a novel holistic access control framework-essentially a PaaS offering-that extends the popular XACML standard with semantic reasoning capabilities that support the federation of effective context-aware access control policies and their infusion into cloud applications with minimal manual intervention and effort. To determine the performance of our solution, a comparative evaluation test is presented and discussed, against a well-known reference implementation of the XACML standard, namely the open source WSO2 Balana engine.
- Published
- 2022