SAFAX: an extensible authorization service for cloud environments

S.P. Kaluvuri, A.I. Egner, J.I. Den Hartog, N. Zannone (Corresponding author)

Research output: Contribution to journal › Article › Academic › peer-review

13 Citations (Scopus)

Abstract

Cloud storage services have become increasingly popular in recent years. Users are often registered to multiple cloud storage services that suit different needs. However, the ad hoc manner in which data sharing between users is implemented leads to issues for these users. For instance, users are required to define different access control policies for each cloud service that they use and are responsible for synchronizing their policies across different cloud providers. Users do not have access to a uniform and expressive method to deal with authorization. Current authorization solutions cannot be applied as-is, since they cannot cope with challenges specific to cloud environments. In this paper, we analyze the challenges of data sharing in multi-cloud environments and propose SAFAX, an XACML-based authorization service designed to address these challenges. SAFAX’s architecture allows users to deploy their access control policies in a standard format, in a single location, and augment policy evaluation with information from user-selectable external trust services. We describe the architecture of SAFAX, a prototype implementation based on this architecture, illustrate the extensibility through external trust services and discuss the benefits of using SAFAX from both the user’s and cloud provider’s perspectives.
Language: English
Article number: 9
Number of pages: 15
Journal: Frontiers in ICT
Volume: 2
DOI: 10.3389/fict.2015.00009
State: Published - 2015

Fingerprint

Access control

Cite this

@article{62584c4d66f3434abec02dd896b84d8d,
title = "SAFAX: an extensible authorization service for cloud environments",
abstract = "Cloud storage services have become increasingly popular in recent years. Users are often registered to multiple cloud storage services that suit different needs. However, the ad hoc manner in which data sharing between users is implemented leads to issues for these users. For instance, users are required to define different access control policies for each cloud service that they use and are responsible for synchronizing their policies across different cloud providers. Users do not have access to a uniform and expressive method to deal with authorization. Current authorization solutions cannot be applied as-is, since they cannot cope with challenges specific to cloud environments. In this paper, we analyze the challenges of data sharing in multi-cloud environments and propose SAFAX, an XACML-based authorization service designed to address these challenges. SAFAX’s architecture allows users to deploy their access control policies in a standard format, in a single location, and augment policy evaluation with information from user-selectable external trust services. We describe the architecture of SAFAX, a prototype implementation based on this architecture, illustrate the extensibility through external trust services and discuss the benefits of using SAFAX from both the user’s and cloud provider’s perspectives.",
author = "S.P. Kaluvuri and A.I. Egner and {Den Hartog}, J.I. and N. Zannone",
year = "2015",
doi = "10.3389/fict.2015.00009",
language = "English",
volume = "2",
journal = "Frontiers in ICT",
issn = "2297-198X",
publisher = "Frontiers Media S.A.",

}

SAFAX: an extensible authorization service for cloud environments. / Kaluvuri, S.P.; Egner, A.I.; Den Hartog, J.I.; Zannone, N. (Corresponding author).

In: Frontiers in ICT, Vol. 2, 9, 2015.
