Towards a Fine-Grained Access Control for Cloud
Abstract
The centerpiece of an efficient Cloud security architecture is a well-defined access control policy. In the literature we can find several access control models, such as Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC) and the latest one, Usage Control Authorization, oBligation and Condition (UCON_ABC). UCON_ABC is very suitable for the context of distributed systems like cloud computing, but it doesn't give any implementation method. In this paper we define the profile centric model using graph formalism and its implementation using matrices. We define the profile as the combination of all possible authorization, obligation, condition, role, etc., and other access parameters like attributes that we can find in a Cloud system. We discuss its application using three matrices (profile definition, profile inheritance and user assignment). Profile centric modeling is an optimum paradigm to define access control policy in complex, distributed and elastic systems like cloud computing. The proposed solution is validated and implemented over the Hadoop distributed file system in the context of Safe Box as a service.