Fangbo Cai,Nafei Zhu,Jingsha He,Pengyu Mu,Wenxin Li,Yi Yu

DOI: https://doi.org/10.1007/s10586-018-1850-7

2018-01-01

Cluster Computing

Abstract:Access control is an important measure for the protection of information and system resources to prevent illegitimate users from getting access to protected objects and legitimate users from attempting to access the objects in ways that exceed what they are allowed. The restriction placed on access from a subject to an object is determined by the access policy. With the rapid development of cloud computing, cloud security has increasingly become a common concern and should be dealt with seriously. In this paper, we survey access control models and policies in different application scenarios, especially for cloud computing, by following the development of the internet as the main line and by examining different network environments and user requirements. Our focus in the survey is on the relationships among different models and technologies along with the application scenarios as well as the pros and cons of each model. Special attention will be placed on access control for cloud computing, which is reflected in the summaries of the access control models and methods. We also identify some emerging issues of access control and point out some future research directions for cloud computing.

Guo-yuan LIN,Shan HE,Hao HUANG,Ji-yi WU,Wei CHEN

2012-01-01

Abstract:In view of the current popular cloud computing technology,some security problems were analyzed.Based on BLP(Bell-LaPadula) model and Biba model,using the access control technology based on behavior to dynamic adjusting scope of subject's visit,it put forward the CCACSM ( cloud omputing access control security model).The model not only guarantees the cloud computing environment information privacy and integrity,and makes cloud computing environment with considerable flexibility and practical.At last,it gives the model's part,safety justice and realization process.

Yu-Ding WANG,Jia-Hai YANG,Cong XU,Xiao LING,Yang YANG

DOI: https://doi.org/10.13328/j.cnki.jos.004820

2015-01-01

Abstract:With the intensive and large scale development of cloud computing, security becomes one of the most important problems. As an important part of security domain, access control technique is used to limit users' capability and scope to access data and ensure the information resources not to be used and accessed illegally. This paper focuses on the state-of-the-art research of access control technology in cloud computing environment. First, it briefly introduces access control theory, and discusses the access control framework in cloud computing environment. Then, it thoroughly surveys the access control problems in cloud computing environment from three aspects including cloud access control model, cloud access control based on ABE (attribute-based encryption) cryptosystem, and multi-tenant and virtualization access control in cloud. In addition, it probes the best current practices of access control technologies within the major cloud service providers and open source cloud platforms. Finally, it summarizes the problems in the current research and prospects the development of future research.

Yuding WANG,Jiahai YANG

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2017.26.059

2017-01-01

Abstract:The key cloud computing characteristics,such as data openness,elasticity,and sharing,complicate data access control.Traditional access control models cannot provide flexible,dynamic access control to large numbers of users with massive data files.This paper presents a data access control model based on the data's role and attribute for cloud computing.An attribute element is assigned to the data to provide role-based access control so that users can be assigned roles based on their own attributes and the tenant's attributes and current status,and can access data with different attributes.The paper illustrates the design of this model and the work processes and provides a theoretical security analysis.The results show that the model can provide dynamic,safe,fine grained access control for users accessing data in a cloud environment.

Mang Su,Anmin Fu,Yan Yu,Guozhen Shi

DOI: https://doi.org/10.1109/trustcom.2016.0299

2016-01-01

Abstract:More and more people prefer to obtain information from cloud. Different users tend to access different resources they interested at anytime across different networks by a variety of equipments. As same as the traditional management of file, the lifecycle theory is still suitable the electronic data in cloud computing. Firstly, we analyze the motivation of access control in cloud, and summarize the security requirements for the data management in the whole lifecycle. Second, we propose a resource-centric dynamic adaptive access control model (RCDA), which is extended from the action-based access control (ABAC). RCDA is able to describe other access control models through the way of customization. Furthermore, we give the scheme for implementation of RCDA. Finally, we make the comparisons between the RCDA and other existing models, and the results indicate that RCDA is able to satisfy the security requirements for the whole lifecycle of data by adaptively adjusting the access control policies.

Yu Huiqun,Fan Guisheng

DOI: https://doi.org/10.3969/j.issn.1007-757X.2013.01.001

2013-01-01

Abstract:Security problem is one of the most concerned issues in cloud computing application.Features of cloud computing such as resource virtualization,distributed locations,behavioral dynamics,make its security a challenging problem.This paper addresses security models and management in cloud computing.Characteristics of cloud computing architectures are analyzed.A security framework of cloud computing and its components are proposed.Three phases of security management mode in cloud computing,i.e.,protection,monitoring and response,are presented.A sticky cloud data security policy model and its management mechanisms are articulated as well.

Dang-Dang Niu,Lei Liu,Xin Zhang,Shuai Lü,Zhuang Li

DOI: https://doi.org/10.1007/s11633-016-1014-2

2016-01-01

International Journal of Automation and Computing

Abstract:Cloud computing is one of the fastest growing and popular computer technologies, and there are more and more enterprise services based on the cloud computing. In order to save costs, more and more enterprises and their employees have hired the enterprise cloud services, and put much important information in the cloud gradually. Cloud service systems have become the main targets of malicious attacks. However, the cloud computing technologies are still not perfect, and the management and maintenance of enterprise cloud services are more complex compared to traditional network services of cloud computing. So, enterprise cloud services are more likely to encounter some security problems, and the influenced scale of these security problems is broad. But there are few researches on the security of enterprise cloud services. In this paper, we analyze the software as a service (SaaS) enterprise cloud services and introduce the research status of security problems in cloud computing environment. Combining with the analysis of the characteristics and application architecture of SaaS enterprise cloud services, we propose the security problems analysis model, the analysis system architecture and the relational model. Our researches can support further research of the automatic generation of solutions and guide the deployment of security policies of SaaS enterprise cloud services.

Li Qianmu,Yin Jie,Hou Jun,Xu Jian,Zhang Hong,Qi Yong

DOI: https://doi.org/10.1007/978-3-642-18129-0_68

2011-01-01

Abstract:A service access control model in cyberspace is proposed, which provides a generalized and effective mechanism of security management with some items constraint specifications. These constraint specifications are organized to form a construction, and an enact process is proposed to make it scalable and flexible to meet the need of diversified service application systems in cyberspace. The model of this paper erases the downward information flow by extended rules of read/write, which is the breakthrough of the limitations when applying the standard role-based access control in cyberspace.

Wenhui Wang,Jing Han,Meina Song,Xiaohui Wang

DOI: https://doi.org/10.1109/icpca.2011.6106526

2011-01-01

Abstract:Today, the problem of trusting cloud computing is a paramount concern for most enterprises. Whether user behavior is trusted and how to evaluate user's behavior trust are important research contents in cloud computing. This paper suggests an adaptive access algorithm by introducing the trust into cloud computing to decide the access control to the resources using an improved RBAC technique to solve more complex and difficult problems in the cloud computing environment. And the proposed model determines dynamically security level and access control for the common resources. Therefore, it is supposed to provide appropriate security services according to the dynamic changes of the common resources. This access control model bases on trust determines whether the user has the right to get access to the resource by dynamically authorizing. And this mechanism can control the user's malicious behavior effectively.

Jianhua Che,Yamin Duan,Tao Zhang,Jie Fan

DOI: https://doi.org/10.1016/j.proeng.2011.11.2551

2011-01-01

Procedia Engineering

Abstract:Cloud computing is introducing many huge changes to people's lifestyle and working pattern recently for its multitudinous benefits. However, the security of cloud computing is always the focus of numerous potential cloud customers, and a big barrier for its widespread applications. In this paper, to facilitate customers to understand the security status quo of cloud computing and contribute some efforts to improving the security level of cloud computing, we surveyed the existing popular security models of cloud computing, e.g. multiple-tenancy model, risk accumulation model, cube model of cloud computing, and summarized the main security risks of cloud computing deriving from different organizations. Finally, we gave some security strategies from the perspective of construction, operation and security incident response to relieve the common security issues of cloud computing.

English Else

Xiao-Yong Li,Yong Shi,Yu Guo,Wei Ma

DOI: https://doi.org/10.1109/cise.2010.5677061

2010-01-01

Abstract:Though cloud computing has many advantages, it still faces a big challenge of security and privacy problem. This problem is also an obstacle to cloud computing since no one is willing to run his businesses in facilities he has no control over it. Moreover, since cloud computing is a multi-tenancy IT service mode, there should be a capability to compartmentalize different customers in cloud facilities; therefore, security duty separation between CSP and customers must be supported in cloud. However, this security duty separation is not common in traditional security mechanisms. Multi-tenancy based access control model (MTACM) was designed to embed the security duty separation principle in cloud; it was a two granule level access control mechanism, one was tenant granule for CSP to compartmentalize different customers, the other was application granule for customers to control the access to their own applications. MTACM was technically and practically feasible. A prototype introduced in this paper showed that MTACM has a good performance.

刘邵星,杨尚跃,杨树国

2014-01-01

Abstract:Cloud computing security issues is the main problem of the cloud computing progress and a research focus of the IT field .T his paper firstly introduces the characteristics and service models of cloud computing .T hen it summarizes the cloud computing security issues .Finally according to the cloud computing level arckitectrure ,it discuss the securty policies to deal with the security promblems of each layer and puts forward a cloud computing security framework .

Ruoyu Wu,Xinwen Zhang,Gail‐Joon Ahn,Hadi Sharifi,Haiyong Xie

IF: 56.9

2013-01-01

Science

Abstract:Organizations and enterprises have been outsourcing their computation, storage, and workflows to Infrastructure-as-a-Service (IaaS) based cloud platforms. The heterogeneity and high diversity of IaaS cloud environment demand a comprehensive and finegrained access control mechanism, in order to meet dynamic, extensible, and highly configurable security requirements of these cloud consumers. However, existing security mechanisms provided by IaaS cloud providers do not satisfy these requirements. To address such an emergent demand, we propose a new cloud service called access control as a service (ACaaS), a service-oriented architecture in cloud to support multiple access control models, with the spirit of pluggable access control modules in modern operating systems. As a proof-of-concept reference prototype, we design and implement ACaaSRBAC to provide role-based access control (RBAC) for Amazon Web Services (AWS), where cloud customers can easily integrate the service into enterprise applications in order to extend RBAC policy enforcement in AWS. We describe challenges and lessons in implementing ACaaSRBAC, demonstrate how this service can be seamlessly integrated with enterprise cloud applications, and discuss evaluation results.

Yu Zhang,Jing Chen,Ruiying Du,Lan Deng,Yang Xiang,Qing Zhou

DOI: https://doi.org/10.1109/TrustCom.2014.42

2014-01-01

Abstract:In the past few years, cloud computing has emerged as one of the most influential paradigms in the IT industry. As promising as it is, this paradigm brings forth many new challenges for data security because users have to outsource sensitive data on untrusted cloud servers for sharing. In this paper, to guarantee the confidentiality and security of data sharing in cloud environment, we propose a Flexible and Efficient Access Control Scheme (FEACS) based on Attribute-Based Encryption, which is suitable for fine-grained access control. Compared with existing state-of-the-art schemes, FEACS is more practical by following functions. First of all, considering the factor that the user membership may change frequently in cloud environment, FEACS has the capability of coping with dynamic membership efficiently. Secondly, full logic expression is supported to make the access policy described accurately and efficiently. Besides, we prove in the standard model that FEACS is secure based on the Decisional Bilinear Diffie-Hellman assumption. To evaluate the practicality of FEACS, we provide a detailed theoretical performance analysis and a simulation comparison with existing schemes. Both the theoretical analysis and the experimental results prove that our scheme is efficient and effective for cloud environment.

Zhaohai Zhang,Qiaoyan Wen

DOI: https://doi.org/10.1109/ccis.2012.6664408

2012-01-01

Abstract:Cloud computing is a set of resources and services offered through the Internet. The services of cloud are delivered from data centers located all over the world. Multi-tenancy is the common feature of public cloud and private cloud. Multi-tenancy service is defined as the capability of a single software instance to provide its service to several parties simultaneously. In cloud computing, multi-tenancy service has many advantages. Compared with traditional softwares, multi-tenancy service can lower the software's cost, get more profit and have obvious advantages and prospects. Under this condition, the security problems of multitenancy in cloud become important. This paper studies the multi-tenancy service in cloud, and presents an authorization model and the architecture of the model. This authorization model can provide a convenient authorization service for multi-tenancy services in cloud.

MA Qiang,AI Zhong-Liang

DOI: https://doi.org/10.3969/j.issn.1000-7024.2012.12.014

2012-01-01

Abstract:In order to solve the security problems of operation and management in IaaS(Infrastructure as a Service),a access control mechanism is designed based on the traditional access control model and the features of IaaS.Firstly,the secure features of cloud computing and the inadequacies of existing programs are analyzed,It is pointed out the security of IaaS is the basis for the security of cloud computing.Then,according to four design principles,the CIRBAC model and the CITE model are designed,which can be used in the infrastructure layer of cloud computing based on the RBAC model and the TE model,and the modules of the models is designed in detail.Finally,the models are achieved at the openstack environment with Xen-based virtualization layer.The model enhances the security of IaaS.

Mang Su,Fenghua Li,Guozhen Shi,Li Li

2012-01-01

International Journal of Security and Its Applications

Abstract:The new computing modes, such as mobile computing, distributed computing, cloud computing and ubiquitous computing, etc., have brought about diversification and open features to the expression, exchange and access of computer network information. The multilevel security management is widely used in operation systems and information management systems. Focus on the multi-level security problem in various network environments, this paper defines the security identity, environment and temporal state of object, based on the ABAC (Action Based Access Control), and shows the security level, access scope and the demand of environment and temporal state of accessing subject, then proposes a multi-level security access control mechanism. Finally, an application example is given.

Chao-sheng FENG,Zhi-guang QIN,Ding YUAN,Yu QING

DOI: https://doi.org/10.3969/j.issn.0372-2112.2015.02.017

2015-01-01

Abstract:The loss of on-board domain and appearance of multi-tenant context bring some new problems and challenges to access control .In this paper ,these problems are listed and the reasons are analyzed first .And then ,aiming at these problems ,the corresponding solutions and techniques are introduced in terms of identity provision ,authentication ,authorization ,identity federation and single sign-on .Next ,latest works about access control of cloud computing are reviewed in terms of access control models ,at-tribute based access control of cipher text ,and access control of outsourcing data .At last ,the trend of study on access control of cloud computing is analyzed and predicted .

Zhuo Tang,Juan Wei,Ahmed Sallam,Kenli Li,Ruixuan Li

DOI: https://doi.org/10.1007/978-3-642-30767-6_24

2012-01-01

Abstract:Access Control is an important component of Cloud Computing; specially, User access control management; however, Access Control in Cloud environment is different from traditional access environment and using general access control model can't cover all entities within Cloud Computing, noting that Cloud environment includes different entities such as data owner, end user, and service provider. In this paper, we propose a new access control based on Role-based access control (RBAC) model. This model includes two kind of roles, user role (UR) and owner role (OR); such that, Users get credential from owners to communicate with service provider and to get access permissions of resources. We also discuss the aspects of user access control management, such as authentication, privilege management, and deprovisioning. Moreover, we use administrative scope to update hierarchy when there is a role added or revoked to simplify the user access control management. By applying the model in Cloud environment the results shows that it can reduce the security problems to two classes in the RT [←,∩] role-based trust-management language with a test-paper system.

Kai Fan,Qiong Tian,Nana Huang,Yue Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/iccchina.2016.7636861

2016-01-01

Abstract:With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issue. In this paper, we present an access control system with privilege separation based on privacy protection（PS-ACS）. In the PS-ACS scheme, we divide users into private domain（PRD） and public domain（PUD） logically. In PRD, to achieve read access permission and write access permission, we adopt the Key-Aggregate Encryption（KAE） and the Improved Attribute-based Signature（IABS） respectively. In PUD, we construct a new multi-authority ciphertext policy attribute-based encryption（CP-ABE） scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation result show that our scheme is feasible and superior to protect users’ privacy in cloud-based services.