Access control in a distributed micro-cloud environment

TL;DR

This paper proposes a hierarchical ABAC model for distributed micro-cloud environments, aiming to reduce administrative complexity and improve access control management in complex, real-time data systems.

Contribution

It introduces a hierarchical ABAC model with a supporting policy engine, demonstrating its effectiveness in simplifying access control administration in distributed micro-clouds.

Findings

Resource hierarchies simplify ABAC policy management

The model supports dynamic, distributed cloud environments

Potential for easier integration into real-world systems

Abstract

Proliferation of systems that generate enormous amounts of data and operate in real time has led researchers to rethink the current organization of the cloud. Many proposed solutions consist of a number of small data centers in the vicinity of data sources. That creates a highly complex environment, where strict access control is essential. Recommended access control models frequently belong to the Attribute-Based Access Control (ABAC) family. Flexibility and dynamic nature of these models come at the cost of high policy management complexity. In this paper, we explore whether the administrative overhead can be lowered with resource hierarchies. We propose an ABAC model that incorporates user and object hierarchies. We develop a policy engine that supports the model and present a distributed cloud use case. Findings in this paper suggest that resource hierarchies simplify the administration of ABAC models, which is a necessary step towards their further inclusion in real-world systems.