Abstract
As a pioneering surge of ICT technologies offering computing resources on demand, the exceptional evolution of Cloud computing has not gone unnoticed by the IT world. At the same time, security stands as a foremost concern for this new computing capability of on-demand services over the Internet. Among all the security requirements of Cloud computing, access control is one of the fundamental conditions for fortifying information and the Cloud system against illegitimate access. Although diverse access control models have been proposed and implemented for the Cloud computing paradigm, these models may fail to adequately meet the dynamic and scalable requirements of the Cloud system. Therefore, we propose a dynamic authorization system for a Cloud computing environment that employs the concepts of role, task, and trustworthiness of the user. In this paper, a framework is proposed that offers characteristics of both passive and active access control along with trusted computing, thereby making the model more fine-grained and dynamic for the Cloud computing environment. Subsequently, the implementation of the proposed scheme is reported to provide a proof of concept. Additionally, an evaluation and a use case scenario of the proposed system are presented to demonstrate its effectiveness over other conventional models.
Acknowledgements
This work has been supported by the Scholarship Grants under the Visvesvaraya Ph.D. Scheme of Ministry of Electronics and Information Technology (MeitY), Government of India.
About this article
Cite this article
Mehraj, S., Banday, M.T. A flexible fine-grained dynamic access control approach for cloud computing environment. Cluster Comput 24, 1413–1434 (2021). https://doi.org/10.1007/s10586-020-03196-x
DOI: https://doi.org/10.1007/s10586-020-03196-x