
A flexible fine-grained dynamic access control approach for cloud computing environment

Cluster Computing

Abstract

As a pioneering wave of ICT technologies offering computing resources on demand, the exceptional evolution of Cloud computing has not gone unnoticed by the IT world. At the same time, security stands as a foremost concern for this new capability of delivering on-demand services over the Internet. Among all the security requirements of Cloud computing, access control is therefore one of the fundamental conditions for fortifying information and the Cloud system against illegitimate access. Although diverse access control models have been proposed and implemented for the Cloud computing paradigm, these models may fail to adequately meet the dynamic and scalable requirements of the Cloud system. Therefore, we propose a dynamic authorization system for a Cloud computing environment that employs the concepts of role, task, and trustworthiness of the user. In this paper, a framework is proposed that offers the characteristics of both passive and active access control along with trusted computing, thereby making the model more fine-grained and dynamic for the Cloud computing environment. Subsequently, an implementation of the proposed scheme is reported as a proof of concept. Additionally, an evaluation and a use case scenario of the proposed system have been carried out to demonstrate its effectiveness over other conventional models.



Acknowledgements

This work has been supported by the Scholarship Grants under the Visvesvaraya Ph.D. Scheme of Ministry of Electronics and Information Technology (MeitY), Government of India.

Author information

Corresponding author

Correspondence to M. Tariq Banday.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Mehraj, S., Banday, M.T. A flexible fine-grained dynamic access control approach for cloud computing environment. Cluster Comput 24, 1413–1434 (2021). https://doi.org/10.1007/s10586-020-03196-x

  • DOI: https://doi.org/10.1007/s10586-020-03196-x
