An access control model for cloud computing

Cloud computing is considered one of the most dominant paradigms in the Information Technology (IT) industry these days. It offers new cost-effective services on demand, such as Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). However, despite the facilities and benefits these services promise, a number of challenges remain in utilizing cloud computing, such as data security, abuse of cloud services, malicious insiders and cyber-attacks. Among all security requirements of cloud computing, access control is one of the fundamental requirements for avoiding unauthorized access to systems and protecting organizations' assets. Although various access control models and policies, such as Mandatory Access Control (MAC) and Role Based Access Control (RBAC), have been developed for different environments, these models may not fulfil the cloud's access control requirements. This is because cloud computing has a diverse set of users with different sets of security requirements. It also has unique security challenges, such as multi-tenant hosting and heterogeneity of security policies, rules and domains. This paper presents a detailed access control requirement analysis for cloud computing and identifies important gaps that are not fulfilled by conventional access control models. It also proposes an access control model to meet the identified cloud access control requirements. We believe that the proposed model can not only ensure the secure sharing of resources among potentially untrusted tenants, but also has the capacity to support different access permissions for the same cloud user and gives him/her the ability to use multiple services securely.
