Abstract
In the traditional role-based access control (RBAC) model, permissions are bound statically to identity and are not adjusted dynamically according to user behavior. Cloud users are widely distributed and heterogeneous; a user with a legitimate identity may still behave in an untrustworthy way, and any attack is carried out through malicious behavior. A dynamic access control model based on cloud-user behavior assessment is proposed by introducing the user behavior risk value, the user trust degree and other factors into RBAC. First, the number of threat behaviors is introduced into the information security risk equation to improve the accuracy of the user behavior risk value. Then, both the number of threat behaviors and uneven risk-threshold intervals are introduced into the trust model based on behavior risk evolution to improve the accuracy of the user trust degree. Finally, dynamic authorization is achieved by mapping trust levels to permissions. A simulation experiment in a small campus cloud system shows that the user behavior risk value and the user trust degree change more rationally under different numbers and frequencies of threat behavior, and that dynamic authorization is flexible through the mapping between risk level and user permissions.
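The pipeline the abstract outlines (risk value that grows with the threat-behavior count, uneven risk thresholds feeding a trust update, trust level mapped to permissions) is sketched below as an added example; it is not the paper's code. The paper's equations are not reproduced on this page, so every formula, threshold, role and permission name here is an assumption chosen for illustration.

```python
from bisect import bisect_right

# All constants and formulas here are assumptions made for illustration.
ROLE_PERMS = {"student": {"read_course", "submit_work", "use_vm", "share_files"}}
RISK_BOUNDS = [0.05, 0.15, 0.40]        # uneven intervals -> risk level 0..3
RISK_PENALTY = [0.0, 0.05, 0.15, 0.40]  # trust lost per risk level
TRUST_BOUNDS = [0.30, 0.60, 0.85]       # trust degree -> trust level 0..3
LEVEL_PERMS = [                         # trust level -> permissions it may unlock
    set(),
    {"read_course"},
    {"read_course", "submit_work", "use_vm"},
    {"read_course", "submit_work", "use_vm", "share_files", "manage_grades"},
]

def behavior_risk(asset, threat, vuln, times):
    """Risk in [0, 1]; grows with the number of threat behaviors seen so far."""
    base = asset * threat * vuln
    return 1.0 - (1.0 - base) ** times

def update_trust(trust, risk, reward=0.02):
    """Drop trust by the penalty of the risk level; recover slowly at level 0."""
    level = bisect_right(RISK_BOUNDS, risk)
    if level == 0:
        return min(1.0, trust + reward)
    return max(0.0, trust - RISK_PENALTY[level])

def permitted(role, trust):
    """Static role permissions narrowed by the current trust level."""
    return ROLE_PERMS[role] & LEVEL_PERMS[bisect_right(TRUST_BOUNDS, trust)]

def simulate(role, events, trust=0.9):
    """events: (asset, threat, vuln) for a threat behavior, None for a benign one."""
    times, history = 0, []
    for ev in events:
        if ev is None:
            risk = 0.0
        else:
            times += 1
            risk = behavior_risk(*ev, times)
        trust = update_trust(trust, risk)
        history.append((round(risk, 3), round(trust, 3), sorted(permitted(role, trust))))
    return history

if __name__ == "__main__":
    SCAN = (0.5, 0.4, 0.5)              # constructed sample threat behavior
    for step in simulate("student", [None, SCAN, SCAN, SCAN, None]):
        print(step)
```

The role never gains a permission it was not statically assigned (`manage_grades` stays out of reach for `student`); trust only narrows the set, and one benign action after three threat behaviors does not restore it.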
Acknowledgments
This work was financially supported by the National High Technology Research and Development Program of China (2013BAD15B02), and Chinese Universities Scientific Fund (2452015195, 2452015199, 2014YB067, QN2012033).
Cite this article
Jing, X., Liu, Z., Li, S. et al. A cloud-user behavior assessment based dynamic access control model. Int J Syst Assur Eng Manag 8 (Suppl 3), 1966–1975 (2017). https://doi.org/10.1007/s13198-015-0411-1
DOI: https://doi.org/10.1007/s13198-015-0411-1