Achieving security-by-design through ontology-driven attribute-based access control in cloud environments

dc.contributor.author Veloudis, Simeon
dc.contributor.author Paraskakis, Iraklis
dc.contributor.author Petsos, Christos
dc.contributor.author Verginadis, Yannis
dc.contributor.author Patiniotakis, Ioannis
dc.contributor.author Gouvas, Panagiotis
dc.contributor.author Mentzas, Grigoris
dc.date.accessioned 2022-08-26T08:17:08Z
dc.date.available 2022-08-26T08:17:08Z
dc.date.issued 2019-04
dc.description.abstract The constantly increasing number of cyberattacks worldwide raises significant security concerns that generally deter small, medium and large enterprises from adopting the cloud paradigm and benefitting from the numerous advantages that it offers. One way to alleviate these concerns is to devise suitable policies that infuse adequate access controls into cloud services. However, the dynamicity inherent in cloud environments, coupled with the heterogeneous nature of cloud services, hinders the formulation of effective and interoperable access control policies that are suitable for the underlying domain of application. To this end, this work proposes an approach to the semantic representation of access control policies and, in particular, to the semantic representation of the context expressions incorporated in such policies. More specifically, the proposed approach enables stakeholders to accurately define the structure of their policies, in terms of relevant knowledge artefacts, and thus infuse into these policies their particular security and business requirements. This clearly leads to more effective policies, whilst it enables semantic reasoning about the abidance of policies by the prescribed structure. In order to alleviate the scalability concerns associated with semantic reasoning, the proposed approach introduces a reference implementation that extends XACML 3.0 with an expert system fused with reasoning capabilities through the incorporation of suitable meta-rules. Keywords: Context-aware security; Ontologies; Access control policies; Data privacy; Security-by-design; Semantic reasoning
dc.identifier.citation Simeon Veloudis, Iraklis Paraskakis, Christos Petsos, Yannis Verginadis, Ioannis Patiniotakis, Panagiotis Gouvas, Gregoris Mentzas, Achieving security-by-design through ontology-driven attribute-based access control in cloud environments, Future Generation Computer Systems, Volume 93, 2019, Pages 373-391, ISSN 0167-739X, https://doi.org/10.1016/j.future.2018.08.042.
dc.identifier.issn https://doi.org/10.1016/j.future.2018.08.042
dc.identifier.uri https://ccdspace.eu/handle/123456789/80
dc.language.iso en
dc.title Achieving security-by-design through ontology-driven attribute-based access control in cloud environments
dc.type Article
dspace.entity.type
Files
Original bundle
Name: FGCS_Revised.pdf
Size: 1.32 MB
Format: Adobe Portable Document Format
License bundle
Name: license.txt
Size: 1.71 KB
Format: Item-specific license agreed to upon submission