A risk calculus extension to the XACML language

Abstract

The increase of dynamic cloud computing environments introduces the need for new ways of access control in applications. One access control model which adapts flexibly to such systems on the Internet is the RAdAC (Risk-Adaptive Access Control). This model is based on the user confidence degree and the risk of releasing access to some information taking into account the context in which a request is performed. However, in practice, to use such model it is necessary to implement a technological support as, for example, extending the access control architecture present in the XACML (eXtensible Access Control Markup Language). This paper extends the XACML access control architecture to support the RAdAC model providing a quantitative, concrete and dynamic risk calculus in order to improve the access control in cloud environments. A prototype was developed in Amazon EC2 cloud environment to perform dynamic access control policies using the proposed XACML extension. Some risk calculus tests are described in the paper to exemplify the RAdAC decisions.