Access Control Mechanism based on MAC for Cloud Convergence

MAC Policy-Based Access Control Mechanism for Cloud Convergence

  • Choi, Eun-Bok (Dept. of Smartmedia, Jeonju University) ;
  • Lee, Sang-Joon (School of Business Administration, Chonnam National University)
  • Received : 2015.11.10
  • Accepted : 2016.02.20
  • Published : 2016.02.29

Abstract

Cloud computing technology offers the ability to share computer resources, software and infrastructure over a network. Virtualization is a very useful technology for improving the operational efficiency of enterprise servers and reducing cost, but it can become the target of new security threats when it is used without considering security. This paper proposes an access control mechanism based on MAC (Mandatory Access Control) for cloud convergence that solves various problems that can occur in a cloud environment. The mechanism is composed of a set of state rules, security characteristics and an algorithm. We also prove that a machine system with the access control mechanism and an initial secure state is a secure system. The policy module of the mechanism is expected to provide not only maintenance but also secure resource sharing between virtual machines.

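A cloud computing environment uses virtualization technology to provide the ability to share network-based computer resources, software, infrastructure and the like. Virtualization is a very useful technology for improving the operational efficiency of enterprise servers and reducing cost, but when it is carried out without considering security it can become the target of new security threats. This paper proposes a MAC-based access control mechanism for cloud convergence that solves various problems that can arise in a cloud system environment. The mechanism consists of the state rule set of the access control system monitor, security properties and an algorithm. In this paper we proved that a control system with the proposed access control mechanism and an initial secure state is a secure system. Through its policy module, the mechanism offers the advantage that the controlled resources of the access control systems can be safely shared with one another and maintained.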
