Leverage Data Security Policies Complexity for Users: An End-to-End Storage Service Management in the Cloud Based on ABAC Attributes

Nicolas Greneche; Frederic Andres; Shihori Tanabe; Andreas Pester; Hesham H. Ali; Amgad A. Mahmoud; Dominique Bascle

doi:10.1007/978-3-031-59933-0_14

What is it about?

This paper discusses a way to make managing data security easier for users. Nowadays, people can access their data through various methods like direct connections, shared filesystems, or web-based drives. This variety leads to complex rules about who can access what data. Users also have a lot of freedom in creating and using storage resources from different Cloud providers, either locally or remotely. These providers often make it seem like there are limitless resources available, hiding the actual data locations. As resources are distributed more widely, access control methods have evolved. Simple identity-based access control (IBAC) used to be enough, but now more complex methods like role-based (RBAC) and attribute-based access control (ABAC) are needed. This paper focuses on ABAC because it not only controls access based on attributes but also provides information about a user’s profile. This profile information can help simplify the setup and management of data services across distributed resources like those provided by Cloud services.

Photo by Stebilex Systems on Unsplash

Why is it important?

This topic is important for several reasons: -> User-Friendly Security Management: Simplifying data security management makes it easier for users to understand and control who can access their data, enhancing their ability to protect sensitive information. -> Adaptation to Modern Access Methods: As users access data through various means (direct connections, shared filesystems, web drives), traditional access control methods are no longer sufficient. Adapting to these modern methods ensures consistent and effective security across all access points. -> Efficient Use of Cloud Resources: With the growing use of Cloud services, users often don't know where their data is physically stored. Simplifying security management helps users take full advantage of Cloud resources without compromising security. -> Scalability: Attribute-based access control (ABAC) allows for more granular and flexible security policies that can scale with the increasing complexity of user roles and data access needs. -> Profile-Based Customization: By using attributes, security policies can be tailored to individual user profiles, providing a more personalized and secure user experience. -> Enhanced Security: Complex and distributed environments require advanced security measures. ABAC can provide a more robust security framework, reducing the risk of unauthorized access and data breaches.

Perspectives

From a personal perspective, this research resonates deeply with my own experiences as both a user and a manager of digital data. In today’s interconnected world, where accessing information is possible through multiple platforms and devices, I’ve often found the complexity of data security to be overwhelming. Balancing the convenience of accessing data anywhere, anytime, with the necessity of keeping that data secure, has always been a challenge. What excites me about this research is its potential to simplify this balancing act. By focusing on attribute-based access control (ABAC), the research offers a way to manage security that aligns with the dynamic nature of modern data usage. ABAC’s ability to tailor security measures based on specific attributes of users means that security can be both robust and flexible, adapting to the diverse roles and needs within an organization. Moreover, the idea of making data locations transparent and creating an illusion of infinite resources is fascinating. It speaks to a future where users can engage with technology seamlessly, without the burden of managing the underlying complexities. This is not just about improving security—it’s about enhancing the overall user experience, making technology work intuitively for us rather than us having to work around it.
Dr. HDR. Frederic ANDRES, IEEE Senior Member, IEEE CertifAIEd Authorized Lead Assessor (Affective Computing)
National Institute of Informatics

This page is a summary of: Leverage Data Security Policies Complexity for Users: An End-to-End Storage Service Management in the Cloud Based on ABAC Attributes, January 2024, Springer Science + Business Media,
DOI: 10.1007/978-3-031-59933-0_14.
You can read the full text:

Read

Resources

Presentation
Leverage data security policies complexity for users: an end-to-end storage service management in the Cloud based on ABAC attributes
This research presents a method to ease the management of data security from the user point of view. Nowadays, users have many ways to access the same data: direct connection to the host, shared filesystem or web drive-like solutions. This leads to complex data access control policies. At the same time, users have more and more liberty in resource instantiation. They can benefit from various self service storage facilities from many Cloud operators in an on-premise or remote way. Moreover, interfaces with these providers are designed in a way that real locations of data are hidden to give an illusion of infinite resources availability. Obviously, Cloud providers have many ways to fine tune resource allocation but users may not be aware of it. With this growth of resource distribution, access control also evolved. Formerly, a simple access control scheme based on identity was sufficient for data security (IBAC). With the complexity increase of access control, new schemes emerged based on roles (RBAC) or attributes (ABAC). We will investigate the last one because attributes rules access control but it also gives information on a user’s profile that may be used to ease the creation and configuration of data services on distributed resources such as Cloud providers.

Contributors

The following have contributed to this page

Making Data Security Simple: Cloud Storage Management Using ABAC Attributes

What is it about?

Why is it important?

Perspectives

Resources