
A Secure Access Control Framework for Cloud Management

Mobile Networks and Applications

Abstract

The cloud operating system (Cloud OS) is the heart of a cloud management platform: it controls the platform's many cloud resources, and it therefore attracts numerous attacks, especially unauthorized access. Many existing works adopt the role-based access control (RBAC) model for Cloud OS access control and token-based approaches as user credentials for sessions or transactions between users and the cloud, but they fail to resist the privilege abuse that results when RBAC policy rules are tampered with or tokens are hijacked. To address this problem, we propose a secure access control framework suited to a resource-centric Cloud OS. First, we propose a new authorization model whose RBAC policy rules are cryptographically protected. Because encrypted policy rules make policy decisions hard to evaluate directly, we develop an approach that transforms the policy decision problem into a permission search problem, and on this basis propose a policy decision scheme. Second, we achieve user token unlinkability and resistance to token replay attacks by introducing a randomization mechanism and leveraging the one-show token technique. A proof-of-concept implementation has been developed, and the proposed scheme is shown to be secure and efficient by security analysis and performance evaluation.
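The abstract names three properties: policy rules that cannot usefully be tampered with, policy decisions that reduce to a permission search, and tokens that are unlinkable and rejected on replay. The following is an added illustration written for this page, not the paper's construction and not code from the authors: it keeps RBAC rules only as keyed hashes (so a rule planted without the policy key is never found), makes the decision a lookup of that tag, and issues random-nonce, single-use tokens checked for integrity, expiry and prior presentation. The class and method names, the token layout and the HMAC-based protection are all assumptions of this sketch; the paper's actual cryptographic scheme is not visible here.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Hypothetical illustration, not the paper's construction: rules are stored only
# as HMAC tags, and the verifier tracks which token nonces have already been shown.

NONCE_LEN, EXP_LEN, TAG_LEN = 16, 8, 32


class ProtectedPolicyStore:
    """RBAC rules kept as HMAC(k, role || perm) tags instead of plaintext pairs.
    Deciding "may ROLE exercise PERM?" is a search for the matching tag."""

    def __init__(self, policy_key: bytes):
        self._key = policy_key
        self._rules = set()  # protected rule tags, never (role, perm) in clear

    def _tag(self, role: str, perm: str) -> bytes:
        return hmac.new(self._key, f"{role}\x00{perm}".encode(), hashlib.sha256).digest()

    def grant(self, role: str, perm: str) -> None:
        self._rules.add(self._tag(role, perm))

    def decide(self, role: str, perm: str) -> bool:
        return self._tag(role, perm) in self._rules

    def raw_insert(self, tag: bytes) -> None:
        """Models a writer who can reach the store but does not hold the key."""
        self._rules.add(tag)


class TokenIssuer:
    """Issues tokens laid out as nonce || expiry || role || HMAC(k, body)."""

    def __init__(self, token_key: bytes):
        self._key = token_key

    def issue(self, role: str, ttl_seconds: int = 300, now: Optional[float] = None) -> bytes:
        now = time.time() if now is None else now
        # Fresh randomness per token: two tokens for the same user share no visible
        # value (unlinkability), and the nonce is also the one-show identifier.
        body = (secrets.token_bytes(NONCE_LEN)
                + int(now + ttl_seconds).to_bytes(EXP_LEN, "big")
                + role.encode())
        return body + hmac.new(self._key, body, hashlib.sha256).digest()


class TokenVerifier:
    """Checks integrity, expiry and single use, then consults the policy store."""

    def __init__(self, token_key: bytes, policy: ProtectedPolicyStore):
        self._key, self._policy = token_key, policy
        self._spent = set()  # nonces that have already been presented once

    def authorize(self, token: bytes, perm: str, now: Optional[float] = None) -> str:
        if len(token) < NONCE_LEN + EXP_LEN + TAG_LEN + 1:
            return "malformed"
        body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"  # forged or modified token
        nonce = body[:NONCE_LEN]
        expiry = int.from_bytes(body[NONCE_LEN:NONCE_LEN + EXP_LEN], "big")
        role = body[NONCE_LEN + EXP_LEN:].decode()
        now = time.time() if now is None else now
        if now > expiry:
            return "expired"
        if nonce in self._spent:
            return "replay"  # one-show: any second presentation is rejected
        self._spent.add(nonce)
        return "allow" if self._policy.decide(role, perm) else "deny"


def demo() -> dict:
    """Constructed scenario exercising each check; keys are random per run."""
    policy = ProtectedPolicyStore(secrets.token_bytes(32))
    policy.grant("operator", "vm:start")
    token_key = secrets.token_bytes(32)
    issuer, verifier = TokenIssuer(token_key), TokenVerifier(token_key, policy)

    t1 = issuer.issue("operator")
    t2 = issuer.issue("operator")
    # A rule planted as an unkeyed hash: it never matches a keyed lookup.
    policy.raw_insert(hashlib.sha256(b"admin\x00vm:delete").digest())
    # A captured token with its role field rewritten: the MAC no longer verifies.
    forged = t2.replace(b"operator", b"admin")
    stale = issuer.issue("operator", ttl_seconds=10, now=1_000_000)

    return {
        "first_use": verifier.authorize(t1, "vm:start"),
        "replay": verifier.authorize(t1, "vm:start"),
        "unlinkable": t1[:NONCE_LEN] != t2[:NONCE_LEN],
        "forged_role": verifier.authorize(forged, "vm:delete"),
        "planted_rule": policy.decide("admin", "vm:delete"),
        "out_of_role": verifier.authorize(t2, "vm:delete"),
        "expired": verifier.authorize(stale, "vm:start", now=2_000_000),
    }
```

Running `demo()` shows the first presentation of a token allowed, its replay refused, a planted rule and a rewritten token both rejected, and an expired token refused before the policy is even consulted. The verifier consumes the nonce as soon as a well-formed, unexpired token is shown, so a token cannot be probed against several permissions.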



Acknowledgements

This work was supported by the National Natural Science Foundation of China (Nos. 62072093, 62072092, 61601107 and U1708262); the China Postdoctoral Science Foundation (No. 2019M653568); the Fundamental Research Funds for the Central Universities (No. N2023020); the Natural Science Foundation of Hebei Province of China (No. F2020501013); and the Key Research and Development Project of Hebei Province (No. 20310702D).

Author information


Correspondence to Ning Lu.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.


About this article


Cite this article

Zhang, J., Lu, N., Ma, J. et al. A Secure Access Control Framework for Cloud Management. Mobile Netw Appl 27, 404–416 (2022). https://doi.org/10.1007/s11036-021-01839-w


  • DOI: https://doi.org/10.1007/s11036-021-01839-w
