Cloud authorization: exploring techniques and approach towards effective access control framework

  • Review Article
  • Frontiers of Computer Science

Abstract

Despite the various attractive features that Cloud has to offer, the rate of Cloud migration is rather slow, primarily due to the serious security and privacy issues that exist in the paradigm. One of the main problems in this regard is that of authorization in the Cloud environment, which is the focus of our research. In this paper, we present a systematic analysis of the existing authorization solutions in Cloud and evaluate their effectiveness against well-established industrial standards that conform to the unique access control requirements in the domain. Our analysis can benefit organizations by helping them decide the best authorization technique for deployment in Cloud; a case study along with simulation results is also presented to illustrate the procedure of using our qualitative analysis for the selection of an appropriate technique, as per Cloud consumer requirements. From the results of this evaluation, we derive the general shortcomings of the extant access control techniques that are keeping them from providing successful authorization and, therefore, from being widely adopted by the Cloud community. To that end, we enumerate the features an ideal access control mechanism for the Cloud should have, and combine them to suggest the ultimate solution to this major security challenge: access control as a service (ACaaS) for the software as a service (SaaS) layer. We conclude that meticulous research is needed to incorporate the identified authorization features into a generic ACaaS framework that should be adequate for providing a high level of extensibility and security by integrating multiple access control models.

Author information

Corresponding author

Correspondence to Rahat Masood.

Additional information

Rahat Masood completed her MS in computer & communication security from the School of Electrical Engineering and Computer Science, National University of Sciences and Technology (NUST-SEECS), Pakistan. As a research fellow at KTH-Applied Information Security Lab, she has conducted research in different domains of information security, particularly including security of unstructured databases and Cloud computing environments. Her research emphasized designing and developing solutions through state-of-the-art technologies to protect data and resources that are outsourced to third-party premises. Cloud computing technologies are currently her area of interest, in which she is exploring various security issues at software and infrastructure layer services. She previously completed her BS with honours in software engineering at the University of Engineering and Technology, Pakistan.

Muhammad Awais Shibli has been an assistant professor at the School of Electrical Engineering and Computer Sciences, National University of Sciences and Technology (NUST-SEECS), Pakistan since 2011. He is presently the director of KTH-SEECS Applied Information Security Lab, where he oversees research and development that includes solving major information security issues in Cloud environments, databases and mobile agent systems. Dr. Shibli received his MS and PhD degrees in Information Security from Kungliga Tekniska Högskolan, Sweden. He has several publications in international journals and conferences and has acquired large funds for numerous research projects. He also serves on a number of committees and panels, including IEEE, ACM, Springer, ICT and HEC.

Yumna Ghazi graduated from the School of Electrical Engineering and Computer Sciences, National University of Sciences and Technology (NUST-SEECS), Pakistan in 2013 with a BS degree in information and communication systems engineering. For her final project in her senior year, she developed an identity control and access management solution for cloud-based applications. As a student, Yumna has always been open to exploring new ideas, and being a research associate at KTH-SEECS Applied Information Security Lab gives her the latitude to do so. Her fields of interest include the various domains under the umbrella of cyber security and cloud computing.

Ayesha Kanwal has completed her MS degree in the area of computer and communication security from the School of Electrical Engineering and Computer Sciences, National University of Sciences and Technology (NUST-SEECS), Pakistan. She also holds a BE degree in software engineering. She is currently working as a research assistant in KTH-SEECS Applied Information Security Lab, in an ICT R&D funded project for Cloud-based applications. During her research work, she has published several research articles in prestigious conferences along with impact factor journal papers. Her current research interests include Cloud computing security, design and development of trust evaluation models, cryptography, digital forensics, Cloud virtualization and trust management in Cloud federation.

Arshad Ali is currently working as the principal at the School of Electrical Engineering and Computer Sciences, National University of Sciences and Technology, Pakistan, where he is responsible for managing administrative, academic and research affairs. He received his PhD degree from the University of Pittsburgh, USA in 1992. His research and development concentrates on the fields of grid computing, distributed computing, mobile agents and distributed database systems. Among the various grants that he has received over the years, US-AID, Nokia Research Center of China and Korean Research Development Program are a few to mention. In addition to all these, Arshad Ali has published 112 journal and conference papers, been granted five US and Korean patents and served as a member of different technical program committees.

About this article

Cite this article

Masood, R., Shibli, M.A., Ghazi, Y. et al. Cloud authorization: exploring techniques and approach towards effective access control framework. Front. Comput. Sci. 9, 297–321 (2015). https://doi.org/10.1007/s11704-014-3160-4

  • DOI: https://doi.org/10.1007/s11704-014-3160-4
