An access control model for cloud computing

Published: 01 February 2014

Abstract

Cloud computing is considered one of the most dominant paradigms in the Information Technology (IT) industry these days. It offers new cost-effective services on demand, such as Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). However, with all of these services promising facilities and benefits, there are still a number of challenges associated with utilizing cloud computing, such as data security, abuse of cloud services, malicious insiders and cyber-attacks. Among all security requirements of cloud computing, access control is one of the fundamental requirements in order to avoid unauthorized access to systems and protect organizations' assets. Although various access control models and policies, such as Mandatory Access Control (MAC) and Role Based Access Control (RBAC), have been developed for different environments, these models may not fulfil the cloud's access control requirements. This is because cloud computing has a diverse set of users with different sets of security requirements. It also has unique security challenges such as multi-tenant hosting and heterogeneity of security policies, rules and domains. This paper presents a detailed access control requirement analysis for cloud computing and identifies important gaps that are not fulfilled by conventional access control models. This paper also proposes an access control model to meet the identified cloud access control requirements. We believe that the proposed model can not only ensure the secure sharing of resources among potentially untrusted tenants, but also has the capacity to support different access permissions for the same cloud user and gives him/her the ability to use multiple services securely.

Publisher

Elsevier Science Inc.

United States

Publication History

Published: 01 February 2014

Author Tags

  1. Access control models
  2. Cloud based access control model
  3. Cloud computing
  4. Cloud computing security
  5. Task-Role Based Access Control

Qualifiers

  • Article
