Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form


Takabi, Hassan (2013) A SEMANTIC BASED POLICY MANAGEMENT FRAMEWORK FOR CLOUD COMPUTING ENVIRONMENTS. Doctoral Dissertation, University of Pittsburgh. (Unpublished)

Primary Text

Download (6MB) | Preview


Cloud computing paradigm has gained tremendous momentum and generated intensive interest.
Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption.

In this dissertation, we mainly focus on issues related to policy management and access control in the cloud.
Currently, users have to use diverse access control mechanisms to protect their data when stored on the cloud service providers (CSPs).
Access control policies may be specified in different policy languages and heterogeneity of access policies pose significant problems.An ideal policy management system should be able to work with all data regardless of where they are stored.
Semantic Web technologies when used for policy management, can help address the crucial issues of interoperability of heterogeneous CSPs.

In this dissertation, we propose a semantic based policy management framework for cloud computing environments which consists of two main components, namely policy management and specification component and policy evolution component.
In the policy management and specification component, we first introduce policy management as a service (PMaaS), a cloud based policy management framework that give cloud users a unified control point for specifying authorization policies, regardless of where the data is stored. Then, we present semantic based policy management framework which enables users to specify access control policies using semantic web technologies and helps address heterogeneity issues of cloud computing environments.
We also model temporal constraints and restrictions in GTRBAC using OWL and show how ontologies can be used to specify temporal constraints.
We present a proof of concept implementation of the proposed framework and provide some performance evaluation.

In the policy evolution component, we propose to use role mining techniques to deal with policy evolution issues and present StateMiner, a heuristic algorithm to find an RBAC state as close as possible to both the deployed RBAC state and the optimal state. We also implement the proposed algorithm and perform some experiments to demonstrate its effectiveness.


Social Networking:
Share |


Item Type: University of Pittsburgh ETD
Status: Unpublished
CreatorsEmailPitt UsernameORCID
Takabi, Hassan
ETD Committee:
TitleMemberEmail AddressPitt UsernameORCID
Committee ChairJoshi, James B.D.jjoshi@sis.pitt.eduJJOSHI
Committee MemberSpring, Michael Bspring@pitt.eduSPRING
Committee MemberKarimi, Hassan A.hkarimi@pitt.eduHKARIMI
Committee MemberKrishnamurthy, PRASHK
Committee MemberAhn,
Date: 27 August 2013
Date Type: Publication
Defense Date: 12 July 2013
Approval Date: 27 August 2013
Submission Date: 29 July 2013
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Number of Pages: 113
Institution: University of Pittsburgh
Schools and Programs: School of Information Sciences > Information Science
Degree: PhD - Doctor of Philosophy
Thesis Type: Doctoral Dissertation
Refereed: Yes
Uncontrolled Keywords: cloud computing, policy management, semantic web, access control, policy evolution, role mining.
Date Deposited: 27 Aug 2013 20:50
Last Modified: 15 Nov 2016 14:14


Monthly Views for the past 3 years

Plum Analytics

Actions (login required)

View Item View Item