A Semi-distributed Access Control Management Scheme for Securing Cloud Environment

Despite the numerous advantages that cloud computing offers (e.g., flexibility, elasticity, and scalability), many potential clients are still hesitant to join the cloud because of security and privacy concerns. Outsourcing data to a cloud in a multitenant environment brings many security challenges, including data leaks, threats, and malicious attacks. The cloud computing platform, virtual servers, and the provider's services are highly dynamic and diverse in nature, making traditional access control mechanisms (e.g., firewalls and VLANs) less effective in controlling unauthorized access to the cloud's data and resources. Several access control policies and authorization systems have been proposed in the literature to defend against cloud security threats. Most of these systems are designed to work with one or more access control policies. However, little work has been done to develop a generic access control architecture capable of working with most of the available access control policies. In this paper, we present a new access control architecture that uses a global resource management system (GRMS) to effectively handle both local and remote access requests. The introduction of GRMS makes our proposed architecture semi-distributed at the expense of minimal request-response time. In addition, our proposed architecture works effectively with both the peered access control module (PACM) and the virtual resource manager (VRM) to protect and manage all resources and services of cloud providers from unauthorized access.
