Context-aware Security Model

This work introduces the notion of context in access control policies, i.e. the consideration of dynamically‐changing contextual attributes that may characterise and restrict data accesses. The use of contextual information enables data owners and administrators to apply access control policies by mainly considering the circumstances under which access requests to sensitive data, should be granted.

Cloud application developers may use the PaaSword Context-aware Security Model, in order to annotate the database entities, the data access objects or any other web endpoints that give access to sensitive data managed. This model involves two significant parts:

  • The first one refers to the evaluated contextual information (e.g. the identity of a user, its role in a company, patterns of access etc.) that should be considered before granting any data access request. It involves the following facets: Security Context Element, Permission and Context Pattern.
  • A second part that refers to the attributes that characterise the sensitivity levels of data objects along with the necessary encryption and physical distribution that these dictate, during the cloud application bootstrapping phase. It involves the DDE Element.

Metamodel

Therefore, primarily, this model tries to conceptualize through a semantic vocabulary, all the facets, which must be taken under consideration during the development and enforcement of a data-access control policy.

This model will be updated during the project’s life-cycle. The details of the current version of this model can be found below:

  • PaaSword Permission Context Element
  • PaaSword Permission Context Element
  • PaaSword Context Pattern Element
  • PaaSword DDE Context Element