UCONABC applies continuous authorization reevaluation, which requires usage accounting that enables fine-grained access control for cloud computing. The UCONABC usage control enhances the classical access control by reevaluating continuously the user attributes during consumption of a service or resource against the usage policies. The usage can be understood as an object’s (e.g., a file) read and write operations and resource consumption (e.g., CPU cycles). However, it was not designed to work in distributed and dynamic authorization environments like those present in cloud computing. During a continuous (periodical) reevaluation, an authorization exception condition, disparity among usage accounting and authorization attributes may occur. This proposal aims to provide resilience to the UCONABC continuous authorization reevaluation, by dealing with individual exception conditions while maintaining a suitable access control in the cloud environment. The experiments made with a proof-of-concept prototype show a set of measurements for an application scenario (e-commerce) and allows for the identification of exception conditions in the authorization reevaluation.
You are here: / / CLOUD COMPUTING WITH RESILIENT UCONABC REEVALUATION AUTHORIZATION MODEL