Access Control Model Based on Trust and Risk Evaluation in IDMaaS

As cloud computing technology develops rapidly, cloud providers bring users more convenience through a wide variety of cloud services. However, the difficulty of management, especially when different access control protocols and personal information are involved, has become one of the barriers inhibiting the development of cloud technology. In this paper, a user-centered IDMaaS (Identity Management as a Service) is proposed, combined with a novel access control model based on trust and risk evaluation. In addition, a format-preserving encryption (FPE) method is proposed as an auxiliary scheme that guarantees the effectiveness of access control. IDMaaS offers a solution that effectively alleviates the difficulty of achieving unified management of users' identities and information across diverse cloud service providers.
