This work proposes an access control mechanism that supports
the characteristics of cloud services: payment status and service level.
A set of policy conflict analysis rules and access-denying rules
is introduced in CSAC. The proposed CSAC mechanism uses rules
and ontology to detect conflicts between inconsistent policies and
block inappropriate user access. The system architecture and database
are proposed to support CSAC. A case study demonstrates
how the CSAC mechanism detects policy conflicts and denies illegal
user accesses.
This work does not use a standard ontology language such as
Web Ontology Language (OWL) to represent CSAC ontologies for
two reasons. First, the deadlock problem is inevitable in the
file systems which are used by OWL. The relational database systems
which are used in this work are able to handle the deadlock issue.
Second, some relationships are not included in the standard
ontology language. For example, the exclusion relationship is not
considered in the OWL standard. The standard sometimes limits
the system design and innovation.
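
The following sketch is an added illustration, not the CSAC implementation from this work. It shows how an exclusion relationship can be stored as a plain relational table and how rules over it can flag inconsistent policies and deny access based on payment status and service level. The schema, table and column names, sample rows, and the choice to express exclusion between services are all assumptions made for the example.

```python
import sqlite3
# Constructed schema and sample rows; every table and column name is an assumption.
SCHEMA = """
CREATE TABLE policy(role TEXT, service TEXT, effect TEXT);
CREATE TABLE exclusion(service_a TEXT, service_b TEXT);
CREATE TABLE service(name TEXT PRIMARY KEY, min_level INTEGER);
CREATE TABLE account(user TEXT PRIMARY KEY, role TEXT, paid INTEGER, level INTEGER);
INSERT INTO policy VALUES ('analyst','storage','permit'),('analyst','storage','deny'),
  ('auditor','billing','permit'),('auditor','payments','permit'),('dev','compute','permit');
INSERT INTO exclusion VALUES ('billing','payments');
INSERT INTO service VALUES ('storage',1),('billing',1),('payments',1),('compute',2);
INSERT INTO account VALUES ('alice','dev',1,2),('bob','dev',0,2),('carol','dev',1,1);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def find_conflicts(db):
    """Return sorted (kind, role, detail) rows for inconsistent policies."""
    contradictory = db.execute(
        "SELECT 'permit-deny', p.role, p.service FROM policy p JOIN policy d "
        "ON p.role = d.role AND p.service = d.service "
        "WHERE p.effect = 'permit' AND d.effect = 'deny'").fetchall()
    exclusive = db.execute(  # one role permitted two mutually exclusive services
        "SELECT 'exclusion', a.role, e.service_a || '+' || e.service_b FROM exclusion e "
        "JOIN policy a ON a.service = e.service_a AND a.effect = 'permit' "
        "JOIN policy b ON b.service = e.service_b AND b.effect = 'permit' "
        "AND b.role = a.role").fetchall()
    return sorted(contradictory + exclusive)

def check_access(db, user, service):
    """Return (allowed, reason); any failed check denies the request."""
    acct = db.execute("SELECT role, paid, level FROM account WHERE user = ?", (user,)).fetchone()
    svc = db.execute("SELECT min_level FROM service WHERE name = ?", (service,)).fetchone()
    if acct is None or svc is None:
        return (False, "unknown user or service")
    role, paid, level = acct
    effects = {r[0] for r in db.execute(
        "SELECT effect FROM policy WHERE role = ? AND service = ?", (role, service))}
    if "permit" not in effects or "deny" in effects:
        return (False, "no unambiguous permit policy")
    if not paid:
        return (False, "payment outstanding")
    if level < svc[0]:
        return (False, "service level too low")
    return (True, "ok")
```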