A generic Kerberos-based access control system for the cloud

Annals of Telecommunications

Abstract

Access control systems are often seen as the most effective tool to address the security challenges faced by cloud computing. Most of the proposed approaches are designed for specific application domains or service models. The goal of this paper is to propose a generic access control system for the cloud that is applicable to the different cloud service models. We rely on Kerberos as well as access control lists and authorization tickets to implement access control and replay prevention. We use CloudSim to evaluate our proposal and show that it has an acceptable overhead. We also show that the architecture’s elasticity has no significant impact on the access time. To prove its feasibility, we implemented the proposed solution on an OpenStack cloud platform integrated with Kerberos.

Notes

  1. https://cloud.google.com/storage/docs/access-control

  2. http://web.mit.edu/kerberos/

  3. docs.openstack.org/admin-guide-cloud/content/ch_getting-started-with-openstack.html

Corresponding author

Correspondence to Hella Kaffel-Ben Ayed.

Cite this article

Kaffel-Ben Ayed, H., Zaghdoudi, B. A generic Kerberos-based access control system for the cloud. Ann. Telecommun. 71, 555–567 (2016). https://doi.org/10.1007/s12243-016-0534-7

  • DOI: https://doi.org/10.1007/s12243-016-0534-7
