干旱区生态环境知识资源中心

Today modern computing systems leverage distributed models such as cloud, grid, etc. One of the obstacles of wide spreading these distributed computing models is security challenges which includes access control problem. These computing models because of providing features like on-demand self-service, ubiquitous network access, rapid elasticity and scalability, having dynamic infrastructure and offering measured service, need a powerful and continuous control over access and usage session. Usage control (UCON) model is emerged to cover some drawbacks of traditional access control models with features like attribute mutability and continuity of control. Several recent works have been done to apply UCON for distributed computing environments, but none of them could cover all aspects of the model. In this paper we propose an architecture for applying UCON model in cloud environments. Moreover we present a new architecture for obligation handling. We also introduce a new approach to handle attribute mutability. For implementation we have extended XACML syntax and semantics as policy language and leveraged Sun's OASIS XACML implementation.