A semantic-based access control for ensuring data security in cloud computing

Ensuring data security in the cloud is an important research issue. Data access control is an efficient way of guaranteeing data security. Data access cannot be controlled safely and efficiently unless the access decision takes into account the semantic relationships among the different entities in the access control domain. Access decisions made by considering entities in isolation, rather than taking their interrelationships into account, may result in security violations. Traditional access control models such as MAC, DAC and RBAC fail to consider the interrelationships among access control entities. In this paper, we propose a Semantic Based Access Control model, which considers relationships among the entities in all domains of access control, namely Subject (user), Object (data/resource), Action (select, open, read, write) and so on. We also show how to reduce the semantic interrelationships to the subsumption problem. This reduction facilitates the propagation of policies in these domains and also improves the time and space complexity of access control mechanisms.
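The following Python sketch is an added illustration, not code from the paper: it contrasts a decision that matches entities in isolation with one that propagates rules by subsumption across the Subject, Object and Action domains. The hierarchies, entity names, deny-overrides conflict resolution and default-deny fallback are all assumptions made for the example.

```python
# Constructed "is-a" hierarchies (child -> parent); all names are assumptions.
SUBJECTS = {"Cardiologist": "Doctor", "Doctor": "Staff", "Nurse": "Staff"}
OBJECTS = {"LabResult": "MedicalRecord", "MedicalRecord": "Record",
           "Invoice": "Record"}
ACTIONS = {"read": "access", "write": "access"}

# Constructed policy set: (effect, subject, object, action).
POLICIES = [
    ("deny", "Nurse", "MedicalRecord", "access"),
    ("permit", "Nurse", "LabResult", "read"),
    ("permit", "Doctor", "MedicalRecord", "read"),
]


def subsumes(general, specific, hierarchy):
    """True if `general` equals `specific` or is one of its ancestors."""
    seen = set()
    while specific is not None and specific not in seen:
        if specific == general:
            return True
        seen.add(specific)  # guards against a cyclic hierarchy
        specific = hierarchy.get(specific)
    return False


def matches_isolated(rule, subject, obj, action):
    """Entities compared literally, with no relationships considered."""
    return rule[1:] == (subject, obj, action)


def matches_semantic(rule, subject, obj, action):
    """A rule applies to every entity its subject, object and action subsume."""
    _, r_subject, r_obj, r_action = rule
    return (subsumes(r_subject, subject, SUBJECTS)
            and subsumes(r_obj, obj, OBJECTS)
            and subsumes(r_action, action, ACTIONS))


def decide(subject, obj, action, matcher):
    """Deny-overrides over all matching rules; default deny (both assumed)."""
    effects = {r[0] for r in POLICIES if matcher(r, subject, obj, action)}
    if "deny" in effects:
        return "deny"
    return "permit" if "permit" in effects else "deny"


if __name__ == "__main__":
    for request in [("Nurse", "LabResult", "read"),
                    ("Cardiologist", "LabResult", "read")]:
        print(request,
              "isolated:", decide(*request, matches_isolated),
              "semantic:", decide(*request, matches_semantic))
```

With isolated matching, the deny on `MedicalRecord` never reaches `LabResult`, so the nurse's request is permitted; with subsumption the deny propagates and the same request is refused.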
