KTH-SEECS Applied Information Security Lab

Extensible Access Control Framework for Cloud based Applications

Introduction:

KTH-Applied Information Security Lab is working on the research project entitled “Extensible Access Control Framework for Cloud based Applications (EACF) funded by National ICT R&D Fund, Ministry of Information Technology. The project is approved with the proposed budget of 13 Million PKR. This project focuses on the design and development of a generic access control framework for the Software as a Service (SaaS) hosted Cloud applications. The main goal of this project is to facilitate private and public sectors by help assuring them that their information on Cloud is appropriately and securely managed.

 

Cloud Computing provides features of flexibility, unlimited storage capacity, easy and quick way to access resources, and overall cost reduction in obtaining services and resources. Despite all these benefits, security of Cloud have become the top most concern for IT and security professionals. Their degree of concern relates to secure processing and data storage, data segregation, recovery & replication of data, long term data viability and many more. In terms of unrestricted shared computing environment, one key issue is to allow authorize access to all individuals, and organizations based on the sensitivity level of data. For an adequate data and application security, Cloud computing demands flexible and reliable access control mechanisms that ensures effective access management strategy for data and other resources hosted on Cloud.

 

Proposed framework will address the SaaS security issues in terms of authorization. It will provide high-level of extensibility and security by incorporating multiple access control models pertaining to the needs of Cloud service consumers (organizations). Efforts put on this research will provide a generic platform to specify and manage complex access control policies in a flexible manner. Thus enterprises will be facilitated by transforming their security policies to security implementation without having expensive and error-prone work. In other words, this framework will act as an access control layer between application and users of application.

 

Proposed framework will be developed in the form of artifact. Principally, this artifact will be an authorization application for SaaS hosted applications. This artifact will enclose an implementation of three standardized and commonly used access control models (ABAC, UCON, FGAC). These models will be implemented using Extensible Access Control Markup Language (XACML) providing a challenging research area.