Cloud authorization: exploring techniques and approach towards effective access control framework

Rahat MASOOD, Muhammad Awais SHIBLI, Yumna GHAZI, Ayesha KANWAL, Arshad ALI

Front. Comput. Sci. ›› 2015, Vol. 9 ›› Issue (2) : 297-321. DOI: 10.1007/s11704-014-3160-4
RESEARCH ARTICLE

Abstract

Despite the various attractive features that Cloud has to offer, the rate of Cloud migration is rather slow, primarily due to the serious security and privacy issues that exist in the paradigm. One of the main problems in this regard is that of authorization in the Cloud environment, which is the focus of our research. In this paper, we present a systematic analysis of the existing authorization solutions in Cloud and evaluate their effectiveness against well-established industrial standards that conform to the unique access control requirements in the domain. Our analysis can benefit organizations by helping them decide the best authorization technique for deployment in Cloud; a case study along with simulation results is also presented to illustrate the procedure of using our qualitative analysis for the selection of an appropriate technique, as per Cloud consumer requirements. From the results of this evaluation, we derive the general shortcomings of the extant access control techniques that keep them from providing successful authorization and, therefore, from being widely adopted by the Cloud community. To that end, we enumerate the features an ideal access control mechanism for the Cloud should have, and combine them to suggest the ultimate solution to this major security challenge: access control as a service (ACaaS) for the software as a service (SaaS) layer. We conclude that meticulous research is needed to incorporate the identified authorization features into a generic ACaaS framework that should be adequate for providing a high level of extensibility and security by integrating multiple access control models.

Keywords

authorization / access control / software as a service / extensible access control markup language / identity & access management / cloud security

Cite this article

Rahat MASOOD, Muhammad Awais SHIBLI, Yumna GHAZI, Ayesha KANWAL, Arshad ALI. Cloud authorization: exploring techniques and approach towards effective access control framework. Front. Comput. Sci., 2015, 9(2): 297‒321 https://doi.org/10.1007/s11704-014-3160-4

RIGHTS & PERMISSIONS

2014 Higher Education Press and Springer-Verlag Berlin Heidelberg