On the Complexity of Authorization of Temporal RBAC in Cloud Computing Service

Cloud computing provides a powerful environment for growing a variety of services and data. Role-Based Access Control (RBAC) has been widely accepted as a promising model to capture dynamic requirements in cloud computing services. Constraints are a powerful mechanism for enforcing higher-level organizational policy in RBAC. In this paper, we study temporal constraints and role-based constraints, and propose the Temporal Constraint Consistency Problem (TCCP). We study the computational complexity of TCCP in different subcases and generate a valid assignment that satisfies all the constraints, then reduce them into general P, NP and NP-Hard problems. In this way, we can provide a possible solution to the conflicting constraints which may coexist in a cloud computing environment.
