Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Ontology-based access control model for security policy reasoning in cloud computing
Choi C., Choi J., Kim P. The Journal of Supercomputing67 (3):711-722,2014.Type:Article
Date Reviewed: Jan 12 2015

The title of this paper indicates that it is about an access control model geared toward cloud computing. However, it is not indicated what resources of the cloud are being controlled. The resources at the infrastructure as a service (IaaS) level cannot be controlled by the users of the cloud, who control only what they put onto their virtual machines. The owner of an application at the software as a service (SaaS) level could use his model to control access to the resources of the application, but this is not stated explicitly. The authors also indicate that the model is intended to control internal users of the cloud, but it is not clear what they mean by “internal” users; there are several types of users in a cloud system.

This lack of precision and the lack of a formal model make this work of very dubious value. The model has not been implemented; an actual implementation could have answered questions about the model’s performance overhead. An abstract model is never shown. A later section shows some details of expressing policies using an ontological language, but does not discuss the logic of the policies, which should come from the access model. In some parts of the paper, it is not clear what the authors are trying to express. I am surprised that this paper got through the referees.

Reviewer:  E. B. Fernandez Review #: CR143072 (1505-0400)
Bookmark and Share
  Featured Reviewer  
 
Cloud Computing (C.2.4 ... )
 
 
Access Controls (D.4.6 ... )
 
 
Ontologies (I.2.4 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Cloud Computing": Date
Cloud security and privacy: an enterprise perspective on risks and compliance
Mather T., Kumaraswamy S., Latif S., O’Reilly Media, Inc., Sebastopol, CA, 2009.  336, Type: Book (9780596802769), Reviews: (1 of 3)
Dec 14 2009
Cloud security and privacy: an enterprise perspective on risks and compliance
Mather T., Kumaraswamy S., Latif S., O’Reilly Media, Inc., Sebastopol, CA, 2009.  336, Type: Book (9780596802769), Reviews: (2 of 3)
Jan 26 2010
Cloud security and privacy: an enterprise perspective on risks and compliance
Mather T., Kumaraswamy S., Latif S., O’Reilly Media, Inc., Sebastopol, CA, 2009.  336, Type: Book (9780596802769), Reviews: (3 of 3)
Mar 18 2010
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy