Loading...
Privacy Preserving Access Control for Service Composition in Cloud Computing
Osanloo, Farnaz | 2014
1104
Viewed
- Type of Document: M.Sc. Thesis
- Language: Farsi
- Document No: 46110 (19)
- University: Sharif University of Technology
- Department: Computer Engineering
- Advisor(s): Amini, Morteza
- Abstract:
- Cloud computing is a new computing environment where computing infrastructure, platform and software are provided as a service. Rapid growth of cloud environments has increased the importance of security requirements and challenges for both service providers and users in cloud. Two main security issues in software as a service (SaaS) delivery model are access control and privacy preserving in basic web services and also in composite services obtaining through the automatic composition and inference of policies from the ones specified for basic services. In this thesis, we present a privacy preserving access control model and framework for service composition in SaaS delivery model of cloud environments. In this model, in addition to considering the access control policies of web services, data privacy of users are preserved in accessing the both basic and composite web services. The access control model, which is considered in this thesis, is an Attribute based Access Control (ABAC) model. Following this model, an access request for a service is permitted if the user’s attribute certificates and contextual conditions are in compliance with the access control policies specified by the service provider. In accessing the service, the privacy of the user’s private data is considered by comparing the privacy preferences of the user with the privacy policies of the service provider following the proposed purpose-based privacy model. In the framework proposed in this thesis, the chains of composite services are ranked according to the users’ preferences and sensitivity level of their data. A chain with the lower information leakage gets more priority. The access control and privacy policies of the composite service, established by the chosen chain of services, are inferred through a bottom-up approach and by automatic composition of policies specified for basic services in the chain. In case of incompliance of the user’s preferences with privacy policies of the requested service, a negotiation phase is taken into account in the access procedure proposed in this framework. The case studies presented in this thesis and developing a prototype of a system based on the proposed privacy preserving access control model, confirms the applicability of the proposed model in practice
- Keywords:
- Cloud Computing ; Software as a Service ; Access Control ; Privacy Preserving ; Service Composition
- محتواي کتاب
- view
- 1 مقدمه
- 2 رایانشابری و سرویسوب
- 3 کنترل دسترسی و حفظ حریم خصوصی در ترکیب سرویسوب
- 4 کنترل دسترسی حافظ حریم خصوصی برای ترکیبسرویسها
- 5 بررسی موردی و ارزیابی
- 6 نتیجهگیری و سوی کارهای آتی
- کتابنامه
- واژهنامه فارسی به انگلیسی
- واژهنامه انگلیسی به فارسی