Data-centric access control for cloud computing

Thomas Pasquier, Jean Bacon, Jatinder Singh, David Eyers

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

19 Citations (Scopus)

Abstract

The usual approach to security for cloud-hosted applications is strong separation. However, it is often the case that the same data is used by different applications, particularly given the increase in data-driven (big data' and IoT) applications. We argue that access control for the cloud should no longer be application-specific but should be data-centric, associated with the data that can ow between applications. Indeed, the data may originate outside cloud services from diverse sources such as medical monitoring, environmental sensing etc. Information Flow Control (IFC) potentially offers data-centric, system-wide data access control. It has been shown that IFC can be provided at operating system level as part of a PaaS offering, with an acceptable overhead. In this paper we consider how IFC can be integrated with application-specific access control, transparently from application developers, while building from simple IFC primitives, access control policies that align with the data management obligations of cloud providers and tenants.

Original languageEnglish
Title of host publicationSACMAT 2016 - Proceedings of the 21st ACM Symposium on Access Control Models and Technologies
PublisherAssociation for Computing Machinery (ACM)
Pages81-88
Number of pages8
Volume06-08-June-2016
ISBN (Electronic)9781450338028
DOIs
Publication statusPublished - 6 Jun 2016
Event21st ACM Symposium on Access Control Models and Technologies, SACMAT 2016 - Shanghai, China
Duration: 6 Jun 20168 Jun 2016

Conference

Conference21st ACM Symposium on Access Control Models and Technologies, SACMAT 2016
Country/TerritoryChina
CityShanghai
Period6/06/168/06/16

Keywords

  • Cloud Computing
  • Data Protection
  • Information Flow Control

Fingerprint

Dive into the research topics of 'Data-centric access control for cloud computing'. Together they form a unique fingerprint.

Cite this