
Semantically Rich, Context-Aware, Attribute Based Access Control Model for Cloud System

Posted on: 2019-03-12
Degree: M.S
Type: Thesis
University: University of Maryland, Baltimore County
Candidate: Rathod, Vishal
Full Text: PDF
GTID: 2478390017485139
Subject: Computer Science
Abstract/Summary:
Resource access control is an important research topic in cloud systems security. Much of the work has focused on context-sensitive access control and rule representation. In an open source cloud computing platform such as OpenStack, operators use the Role-Based Access Control (RBAC) model to grant users access to cloud resources. However, this user-level role-based access control technique fails to include a comprehensive user context. A situation-aware framework will provide hardened access security by bringing users' context into such cloud systems.

In this work, we propose a semantically rich, context-sensitive access control system for OpenStack that incorporates the user's current context attributes, such as location and time. We integrate our own knowledge-graph-dependent, attribute-based policy system with the OpenStack policy engine to demonstrate our approach. In a proof-of-concept implementation, we integrate a knowledge graph with our own access control system to express and enforce contextual-situation policies in OpenStack, while keeping OpenStack's current RBAC architecture in place. The proposed system provides enhanced, flexible access control while minimizing the overhead of altering the existing access control framework. We present use cases to highlight the benefits of our system and show enforcement results. The study also investigates the flexibility of integrating different policy frameworks in OpenStack in order to enhance access control.
Keywords/Search Tags: Access control, System, Semantically rich, Context