Collaborative access control for multi-domain cloud computing

Souheil Ben Ayed, Fumio Teraoka

Research output: Article, peer-reviewed

3 Citations (Scopus)


The Internet infrastructure is evolving with various approaches such as cloud computing. Interest in cloud computing is growing with the rise of services and applications, particularly in the business community. To deliver services securely, cloud computing providers face several security issues, including controlling access to services and ensuring privacy. Most access control approaches tend toward centralizing policy administration and decision making by introducing a central third-party mediator. However, with the growth of the Internet and the increase in cloud computing providers, centralized administration is no longer supported. In this paper, we present a new collaborative access control infrastructure for distributed cloud computing environments, supporting collaborative delegations across multiple domains in order to authorize users to access services at a visited domain that does not have a direct cooperative relationship with the user's home domain. For this purpose, we propose an extension of the XACML (eXtensible Access Control Markup Language) model with a new entity called the Delegation Validation Point (DVP) to support multi-domain delegation in a distributed environment. We describe the new extended model and the functionalities of the new component. In addition, we define new XACML messages for acquiring delegations across domains. To exchange delegations between domains, we use SAML (Security Association Markup Language) and the Diameter protocol. Two Diameter applications are defined for securely transporting multiple delegation requests and answers and for building a trusted path of cooperation to acquire the chain of delegations. We detail the implemented prototype and evaluate its performance within a testbed of up to 20 domains.

Journal: IEICE Transactions on Information and Systems
Publication status: Published - Oct 2012

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Vision and Pattern Recognition
  • Electrical and Electronic Engineering
  • Artificial Intelligence
