Title :
Risk-Based Usage Control for Service Oriented Architecture
Author :
Krautsevich, Leanid ; Lazouski, Aliaksandr ; Martinelli, Fabio ; Yautsiukhin, Artsiom
Author_Institution :
Dept. of Comput. Sci., Univ. of Pisa, Pisa, Italy
Abstract :
In Service Oriented Architecture (SOA) data belonging to a client (data provider) is often processed by a provider (data consumer). During this processing the data can be compromised. A client wants to be sure that its data is used in the least risky way while is under provider´s control. The risk level should be low when access to the data is granted and should remain low during the whole interaction and, maybe, some time after. Therefore, a client has to consider closely various providers and decide which one provides the service with the smallest risk. More importantly, the risk has to be constantly recomputed after granting the access to the data, i.e., usage of data must be controlled. In this work we propose a method to empower usage control with a risk-based decision making process for more efficient and flexible control of access to data. Employing this idea we show how to select a service provider using risk, re-evaluate the risk level when some changes have happened and how to improve an infrastructure in order to reduce the risk level.
Keywords :
authorisation; data handling; risk analysis; software architecture; data access; data consumer; data provider; risk-based usage control; service oriented architecture; Access control; Clouds; Companies; Computer science; Decision making; Outsourcing; Process control; Protection; Service oriented architecture; Web services; Security; risk; service oriented architecture; usage control;
Conference_Titel :
Parallel, Distributed and Network-Based Processing (PDP), 2010 18th Euromicro International Conference on
Conference_Location :
Pisa
Print_ISBN :
978-1-4244-5672-7
Electronic_ISBN :
1066-6192
DOI :
10.1109/PDP.2010.46
