Context-aware Policy Enforcement for PaaS-enabled Access Control

Abstract

It is generally conceded that, due to security and privacy concerns, enterprises and users are reluctant to embrace the cloud computing paradigm and hence benefit from the cost reductions and the increased flexibility or business agility that this paradigm brings about. These concerns stem mainly from the significantly-expanded attack surfaces that result from the heterogeneous nature of cloud services and the dynamicity inherent in cloud environments. In order to alleviate these concerns, effective and flexible access control approaches are required to consider the contextual parameters that characterise data access requests in the cloud. In this respect, this work presents PaaSword: a novel holistic access control framework—essentially a PaaS offering—that extends the popular XACML standard with semantic reasoning capabilities that support the federation of effective context-aware access control policies and their infusion into cloud applications with minimal manual intervention and effort. To determine the performance of our solution, a comparative evaluation test is presented and discussed, against a well-known reference implementation of the XACML standard, namely the open source WSO2 Balana engine.