Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Hong Sun,Xueqin Zhang,Chunhua Gu

DOI: https://doi.org/10.14257/ijgdc.2014.7.3.01

2014-01-01

International Journal of Grid and Distributed Computing

Abstract:With the development of cloud computing, and as the basis of data services, security problems of cloud storage are growing more attention. Based on distributed storage, multidomain and multi-tenant characteristics, combined with access control technologies, this paper sets up the Role-based Access Control using Ontology and domians in Cloud Storage (DOnto_RBAC), which could provide a concise and effective strategy for service providers (isps). According to the characteristics of access control in cloud storage, based on the standards (called CDMI), this paper adds Domains and Time constraints of roles into RBAC. With ontology technologies and the OWL language, this paper establishes ontology model including entities' descriptions and strategies to realize reasoning of multi-domain access control permissions. We realized our system through Python and established Restful APIs. Experiments in campus-level cloud storage called Swift showed that, using requests with Restful format commands, DOnto_RBAC was proved to be effective to manage distributed and multi-domain data in cloud storage.

黄益民,杨子江,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.04.005

2004-01-01

Abstract:The traditional role-based access control (RBAC) model was extended in this work aimed at studying practical ways to implement access control, enforce security administration, and acquire available information from real world to construct an access control model and establish security policies. A three-layered architecture for role-based security administration was proposed. And a practical way was presented to implement role-based access control and role-based security administration ,so that cross-platform role-based access control is implemented automatically and systematically in the security administration system.

HL Hu,D Chen,CQ Huang

DOI: https://doi.org/10.1109/icsmc.2004.1401072

2004-01-01

Abstract:The idea of role has been widely applied to solving the authority, responsibility, function and interaction, which are associated with member station in organizations. Access control is a key security issue in distributed collaboration systems. After analyzing corresponding security requirements and the present status of security in distributed collaboration system, this paper presents an extensive role-based access control (ERBAC) architecture based on differentiated domain management. In this architecture, security management is classified into inter-domain one and infra-domain one, whilst, it can integrate new security policies. Based on definition of role permission type, the paper introduces a function of permission type change to make ERBAC architecture flexible. In addition, the authors discuss the methods by which the security can be implemented in an agent-based framework. The practices signify that this system can be flexibly applied various existing policy languages and protocols.

Tianyi Zhu,Weidong Liu,Jiaxing Song

DOI: https://doi.org/10.1109/CIT.2011.36

2011-01-01

Abstract:coRBAC is a specifically optimized RBAC system for cloud computing environment. It inherits the existing RBAC's role model and dRBAC's domain model, optimizes and improves the access control system for services which are hosted on the cloud computing platform. coRBAC greatly improves the certification process and user experience by reducing the unnecessary process of establishing secure connection and setting up multi-level cache, reduces the space complexity and time complexity of access control system.

JIANG Jie,ZHANG Jie,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.09.011

2009-01-01

Abstract:An extended context-aware role based access control(RBAC) based on reasoning(RC-RBAC) model was proposed by integrating the single context-aware RBAC and reasoning-based RBAC in order to solve the problems of the Absence of the adjustment and generation of the context-aware condition dynamically and the incapacity of updating the user authorization according to the adjusted constrain conditions in the existing RBAC.The extended model used the rule reasoning to adjust and generate the context constrains dynamically and start the common sensors and the self-defined sensors to collect the attribute values of the conditions.The access permission to the sensitive data was updated in real time based on the context-aware logic reasoning using the user rules and permission rules.The application results show that the extended RC-RBAC model can be employed in the distributed environment to satisfy the need of the dynamic authorization and reduce the real-time access control management complexity.

Tang Bo,Li Qi,Sandhu Ravi

DOI: https://doi.org/10.1109/PST.2013.6596058

2013-01-01

Abstract:Most cloud services are built with multi-tenancy which enables data and configuration segregation upon shared infrastructures. In this setting, a tenant temporarily uses a piece of virtually dedicated software, platform, or infrastructure. To fully benefit from the cloud, tenants are seeking to build controlled and secure collaboration with each other. In this paper, we propose a Multi-Tenant Role-Based Access Control (MT-RBAC) model family which aims to provide fine-grained authorization in collaborative cloud environments by building trust relations among tenants. With an established trust relation in MT-RBAC, the trustee can precisely authorize cross-tenant accesses to the truster's resources consistent with constraints over the trust relation and other components designated by the truster. The users in the trustee may restrictively inherit permissions from the truster so that multi-tenant collaboration is securely enabled. Using SUN's XACML library, we prototype MT-RBAC models on a novel Authorization as a Service (AaaS) platform with the Joyent commercial cloud system. The performance and scalability metrics are evaluated with respect to an open source cloud storage system. The results show that our prototype incurs only 0.016 second authorization delay for end users on average and is scalable in cloud environments.

Ruhi Gupta

DOI: https://doi.org/10.48550/arXiv.1403.2043

2014-03-09

Distributed, Parallel, and Cluster Computing

Abstract:Cloud Computing is flourishing day by day and it will continue in developing phase until computers and internet era is in existence. While dealing with cloud computing, a number of security and traffic related issues are confronted. Load Balancing is one of the answers to these issues. RBAC deals with such an answer. The proposed technique involves the hybrid of FCFS with RBAC technique. RBAC will assign roles to the clients and clients with a particular role can only access the particular document. Hence identity management and access management are fully implemented using this technique.

Wang Zhenjiang,Liu Qiang

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.35.009

2005-01-01

Abstract:Authority Management is a most important aspect of Information Systems.A successful information system is always supported by a well-designed access control system.Role-based access control policy,which is the focus of access control study nowadays,is more flexible and less management burden.Based on Role-Based Access Control(RBAC) and Task-Role-based Access Control,this paper gives a flexible extended access contrl models,XRBAC,standing for Extended Role-Based Access Control,which extends the definition of role management and authority.

Ok-Chol Ri,Yong-Jin Kim,You-Jin Jong

DOI: https://doi.org/10.48550/arXiv.2203.00351

2022-03-04

Abstract:In recent years, cloud computing has been developing rapidly and is widely used in various fields such as commerce and scientific research. However, security issues, including access control, are a very important problem in popularizing cloud computing and this has influenced its wide application of cloud computing. As one of the solutions to these problems, we have proposed a blockchain-based role-based access control model with the separation of duties constraints in a cloud environment. In the model, we used Hyperledger Fabric as a blockchain platform for storing the access control policies and provided several functions for effective role management. In addition, we presented an access control scheme for cloud storage data by combining the proposed model and the verification mechanism for the user's ownership of a role and analyzed the security properties of the scheme. Finally, we deployed Hyperledger Fabric test network, implemented an online test system that performs access control using the proposed scheme in the Ali cloud environment, and evaluated the model performance in this scenario.

Cryptography and Security

Ruoyu Wu,Xinwen Zhang,Gail‐Joon Ahn,Hadi Sharifi,Haiyong Xie

IF: 56.9

2013-01-01

Science

Abstract:Organizations and enterprises have been outsourcing their computation, storage, and workflows to Infrastructure-as-a-Service (IaaS) based cloud platforms. The heterogeneity and high diversity of IaaS cloud environment demand a comprehensive and finegrained access control mechanism, in order to meet dynamic, extensible, and highly configurable security requirements of these cloud consumers. However, existing security mechanisms provided by IaaS cloud providers do not satisfy these requirements. To address such an emergent demand, we propose a new cloud service called access control as a service (ACaaS), a service-oriented architecture in cloud to support multiple access control models, with the spirit of pluggable access control modules in modern operating systems. As a proof-of-concept reference prototype, we design and implement ACaaSRBAC to provide role-based access control (RBAC) for Amazon Web Services (AWS), where cloud customers can easily integrate the service into enterprise applications in order to extend RBAC policy enforcement in AWS. We describe challenges and lessons in implementing ACaaSRBAC, demonstrate how this service can be seamlessly integrated with enterprise cloud applications, and discuss evaluation results.

N.N.Thilakarathne,Dilani Wickramaaarachchi

DOI: https://doi.org/10.48550/arXiv.2011.07764

2020-11-16

Abstract:Cloud computing is considered as the one of the most dominant paradigm in field of information technology which offers on demand cost effective services such as Software as a service (SAAS), Infrastructure as a service (IAAS) and Platform as a service (PAAS).Promising all these services as it is, this cloud computing paradigm still associates number of challenges such as data security, abuse of cloud services, malicious insider and cyber-attacks. Among all these security requirements of cloud computing access control is the one of the fundamental requirement in order to avoid unauthorized access to a system and organizational assets. Main purpose of this research is to review the existing methods of cloud access control models and their variants pros and cons and to identify further related research directions for developing an improved access control model for public cloud data storage. We have presented detailed access control requirement analysis for cloud computing and have identified important gaps, which are not fulfilled by conventional access control models. As the outcome of the study we have come up with an improved access control model with hybrid cryptographic schema and hybrid cloud architecture and practical implementation of it. We have tested our model for security implications, performance, functionality and data integrity to prove the validity. We have used AES and RSA cryptographic algorithms to implement the cryptographic schema and used public and private cloud to enforce our access control security and <a class="link-external link-http" href="http://reliability.By" rel="external noopener nofollow">this http URL</a> validating and testing we have proved that our model can withstand against most of the cyber attacks in real cloud environment. Hence it has improved capabilities compared with other previous access control models that we have reviewed through literature.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Ting CAI,Qing-bin NIE,Kai OUYANG,Jing-li ZHOU

DOI: https://doi.org/10.3969/j.issn.1007-130X.2017.04.012

2017-01-01

Abstract:We propose an enhanced role-based access control (ERBAC) model to solve the shortcomings of the RBAC's resource usage constraints,policy management and interoperability security in multi-domain cloud systems.Firstly,we introduce elements of containers and two role cardinality constraints into the RBAC,and establish the containers + dynamic role cardinality constraints based resource usage policy.Secondly,we study the role inheritance management for multi-domains in depth and present an inter-domain policy management function,whose objective is to check for the number of violations before committing an inter-domain role inheritance relation.Then,various security detection algorithms for policy conflict are given.Analysis results show that the ERBAC model can improve the security of inter-domain interoperation,enforce usage constraints upon resources and manage the security policies in an easy and effective way,which proves to be feasible and applicable for multi-domain cloud systems.

ZHANG Shuai,SUN Jian-ling,XU Bin,HUANG Chao

DOI: https://doi.org/10.3785/j.issn.1008-973X.2012.11.015

2012-01-01

Abstract:A dynamic multiple domains access control model base on role based access control(RBAC) was proposed in order to solve the problem that current single domain based access control model cannot fulfill the authorization requirements for service compositions crossing multiple enterprises.The process structures were analyzed and a role mining algorithm was proposed to find the role set with minimized permissions that meet the access requirements of composite services.Authorization negotiations were set up among relevant domains for each cross domain operation in composite services and cross domain role mappings were built according the mined role sets with minimized cost to fulfill the cross domain operations.Based on this model,a runtime framework aligned with current industry standard was proposed to authorize dynamically based on the current running status of composite services.Simulation experiments showed the effectiveness of key part of the role mining algorithm.

Yan Zhu,Di Ma,Changjun Hu,Dijiang Huang

DOI: https://doi.org/10.1145/2484402.2484411

2013-01-01

Abstract:ABSTRACTThis paper addresses how to construct a RBAC-compatible attribute-based encryption (ABE) for secure cloud storage, which provides a user-friendly and easy-to-manage security mechanism without user intervention. Similar to role hierarchy in RBAC, attribute lattice introduced into ABE is used to define a seniority relation among all values of an attribute, whereby a user holding the senior attribute values acquires permissions of their juniors. Based on these notations, we present a new ABE scheme called Attribute-Based Encryption with Attribute Lattice (ABE-AL) that provides an efficient approach to implement comparison operations between attribute values on a poset derived from attribute lattice. By using bilinear groups of composite order, we propose a practical construction of ABE-AL based on forward and backward derivation functions. Compared with prior solutions, our scheme offers a compact policy representation solution, which can significantly reduce the size of privatekeys and ciphertexts. Furthermore, our solution provides a richer expressive power of access policies to facilitate flexible access control for ABE scheme.

Ruoyu Wu,Xinwen Zhang,Gail-Joon Ahn,Hadi Sharifi,Haiyong Xie

DOI: https://doi.org/10.1109/SocialCom.2013.66

2013-01-01

Abstract:Organizations and enterprises have been outsourcing their computation, storage, and workflows to Infrastructure-as-a-Service (IaaS) based cloud platforms. The heterogeneity and high diversity of IaaS cloud environment demand a comprehensive and fine-grained access control mechanism, in order to meet dynamic, extensible, and highly configurable security requirements of these cloud consumers. However, existing security mechanisms provided by IaaS cloud providers do not satisfy these requirements. To address such an emergent demand, we propose a new cloud service called access control as a service (ACaaS), a service-oriented architecture in cloud to support multiple access control models, with the spirit of plug gable access control modules in modern operating systems. As a proof-of-concept reference prototype, we design and implement ACaaS_RBAC to provide role-based access control (RBAC) for Amazon Web Services (AWS), where cloud customers can easily integrate the service into enterprise applications in order to extend RBAC policy enforcement in AWS.

Yi-qun Zhu,Jian-hua Li,Quan-hai Zhang

DOI: https://doi.org/10.5220/0002100404710474

2006-01-01

Abstract:A key challenge in Web services security is the design of effective access control schemes that can adequately satisfy Web services security requirements. Despite the recent advances in Web based access control, there remain issues that impede the development of effective access control models for Web services environments. One of them is the lacks of dynamic role management and attributes access control for Web services. In this paper, we present a dynamic attribute-based role-based access control model (DARBAC) to address the issues. The proposed approach introduces authorization group, which is used to dynamically manages roles and privileges, and attribute based access control mechanism which is used to protect the services and services parameters. We outline the configuration mechanism needed to apply our model to the Web services environments.

Sarath Pathari

DOI: https://doi.org/10.48550/arXiv.2004.14746

2020-04-30

Abstract:Secure distributed storage, which is a rising cloud administration, is planned to guarantee the mystery of re-appropriated data yet also to give versatile data access to cloud customers whose data is out of physical control. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is seen as a champion among the most reassuring frameworks that may be used to verify the confirmation of the administration. Be that as it may, the use of CP-ABE may yield an unavoidable security burst which is known as the abuse of access accreditation (for example decoding right). In this paper, we look at the two essential occurrences of access accreditation misuse: one is on the semi-believed specialist side, and the other is supportive of the cloud customer. To ease the abuse, we propose revocable CP-ABE based distributed storage structure with express renouncing, planned information getting to and numerous examining capacities alluded as Cloud+.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Priyanka Kamboj,Shivang Khare,Sujata Pal

DOI: https://doi.org/10.1007/s12083-021-01150-1

2021-04-28

Abstract:Since the last few decades, information security has become a significant challenge for organizations' system administrators. However, the Role-Based Access Control (RBAC) model has emerged as a viable solution for organizations to meet the security requirement due to its less administrative overhead. Blockchain technology is distributive and can be used effectively in user authentication and authorization challenges. This paper proposes an RBAC model using a blockchain-based smart contract for managing user-role permissions in the organization. We design a threat and security model to resist attacks such as man-in-the-middle attacks in an organization scenario. The proposed approach uses the Ethereum blockchain platform and its smart contract functionalities to model user-resource communications. The proposed method is tested on Ropsten Ethereum Test Network and evaluated to analyze user authentication, verification, cost, and security.

computer science, information systems,telecommunications

Q Li,JP Shi,SH Qing

DOI: https://doi.org/10.1109/icebe.2005.23

2005-01-01

Abstract:Role-based access control (RBAC) model has been widely deployed for Web security. In some large-enterprise-wide situations, however, this model is difficult to manage due to huge amount of users, roles and interrelationships. As a result, the applications of this model are greatly limited. To address this problem, we present in this paper a decentralized RBAC model (DRBAC) by proposing a new concept of groups and by introducing non-trivial modifications to the user-role assignment of the existing models