Xu Jing,Zhengnan Liu,Shuqin Li,Bin Qiao,Gexu Tan

DOI: https://doi.org/10.1007/s13198-015-0411-1

2015-12-22

International Journal of System Assurance Engineering and Management

Abstract:In traditional role-based access control (RBAC) model, the permission is bound with identity statically, without being dynamically adjusted by user behavior. Cloud users distribute widely and constitute complex and have legitimate identity whose behavior may be incredible, but any attack is achieved through malicious behavior. The cloud-user behavior assessment based dynamic access control model was proposed by introducing user behavior risk value, user trust degree and other factors into RBAC. First, the times of threat behavior was introduced into the information security risk equation to improve the accuracy of user behavior risk value. Then, both the times of threat behavior and the uneven interval of risk threshold were introduced the trust model based on behavior risk evolution to improve the accuracy of user trust degree. Finally, the dynamic authorization was achieved by mapping trust level and permissions. By the simulation experiment in a small campus cloud system, it can be shown that the change of user behavior risk value and user trust degree is more rational under different times and frequencies of threat behavior, and dynamic authorization is flexible by mapping the risk level and the user permissions.

Mang Su,Anmin Fu,Yan Yu,Guozhen Shi

DOI: https://doi.org/10.1109/trustcom.2016.0299

2016-01-01

Abstract:More and more people prefer to obtain information from cloud. Different users tend to access different resources they interested at anytime across different networks by a variety of equipments. As same as the traditional management of file, the lifecycle theory is still suitable the electronic data in cloud computing. Firstly, we analyze the motivation of access control in cloud, and summarize the security requirements for the data management in the whole lifecycle. Second, we propose a resource-centric dynamic adaptive access control model (RCDA), which is extended from the action-based access control (ABAC). RCDA is able to describe other access control models through the way of customization. Furthermore, we give the scheme for implementation of RCDA. Finally, we make the comparisons between the RCDA and other existing models, and the results indicate that RCDA is able to satisfy the security requirements for the whole lifecycle of data by adaptively adjusting the access control policies.

Chunhua Gu,Fei Luo,Ya Li,Weichao Ding

DOI: https://doi.org/10.1109/compcomm.2018.8780863

2018-01-01

Abstract:The characteristic of the cloud computing, resources sharing, determines that user behavior trustworthiness is crucial to the security of cloud resources. However, the traditional access control model (Role Based Access Control, RBAC) is only based on user identity trust and does not consider whether the user behavior is trusted or not, and the authorization mechanism is static, lacking of flexibility. Moreover, the lack of monitoring of user behavior makes it unable to timely detect and prevent the illegal operation of users. In view of the above several problems, this paper improves the traditional RBAC model, introduces the concepts of user trust evaluation and security level to the RBAC, uses the fuzzy analytic hierarchy process (FAHP) to calculate the user trust value, supervise and control the process when the user executes permissions, so as to achieve the purpose of dynamic access control based on user identity trust and behavior trust. The results of validation analysis of the improved model show that the improved RBAC model overcomes the shortcomings of the traditional RBAC model and can better protect the security of cloud resources, with small control granularity and good flexibility.

Liu Wu,Sun Donghong,Ren Ping,Liu Ke

DOI: https://doi.org/10.1109/fskd.2016.7603356

2016-01-01

Abstract:A Reputation and Attribute Based Dynamic Access Control (RA-DAC) Framework for Privacy Protection in Cloud Computing Environment was presented in this paper. First, RA-DAC is used to encourage honest users for their good actions in cloud environment. Second, RA-DAC is also used to constraint malicious users for their destructive actions in cloud environment. And finally, based on RA-DAC we developed the Reputation and Attribute Based Dynamic Access Control System (RA-DACS) which is used to detect the malicious behaviors of dishonest users and automatically prevent their further action to threaten the security of the cloud computing environment.

Zuhua Guo,Yangbo Li,Lixin Xu,Xiao Zhang

DOI: https://doi.org/10.3969/j.issn.1001-3695.2015.11.052

2015-01-01

Abstract:In the cloud service environment,virtualization puts forward higher requirements to network security risk assess-ment.Through constructing a virtual component-centric system risk evaluation model on the cloud computing virtualization platform,the paper implemented network security risk prediction for the Web service DDoS attack.This model used a hierar-chical analysis method to achieve a risk prediction of Web service that improved the prediction accuracy of risk values.Mean-while,the paper used of RBF neural network for prediction parallelization,which achieved the purpose of rapid real-time pre-diction with multiple nodes.Experimental tests show that the method has a better risk evaluation result,which can provide scientific basis for developing the network security defense strategy of cloud computing systems.

Fan Lin,Jianbin Xiahou,Wenhua Zeng

DOI: https://doi.org/10.6138/jit.2015.16.7.20151103e

2015-01-01

Abstract:Virtualization asks for safer and better quality to service-oriented cloud computing system suppliers. Most of the traditional researching is focus on the risk assessment of the information system and DDoS, but lacking of researching on cloud computing in deep. So that the service-oriented cloud computing system risk evaluation researching is very essential. In this paper, we build a service-oriented cloud computing system risk assessment framework that using distributed dynamic status monitoring of virtual machine system and making risk prediction value to summarizing the final risk assessment level of the system as a whole. The model can be used in monitoring, identifying, predicting and evaluating for cloud computing security risk that is having effect on the risk evaluation of virtual machine node and whole cloud system. First we proposed a new method to identifying risk named LSA-GCC that used LSA for analyzing log files and cluster for classifying. The method doing the feed forward risk identification by collecting the log of the operating system and Web Service that are on VM node level,and the LSA-SAM method can improved the detecting accuracy for abnormal events. Then the risk predictiton method had been proposed that combined with RBFNN(Radial Basis Function Neural Network) and AHP. This method build a risk predicting model by AHP(Analytic Hierarchy Process) that consists of four indicators, that are P (performance), T (Time), A (event statistics) and R (risk identification). Each indicator include some monitoring parameters that can compute the risk indicator value by weight matrix. Experimental results show that MRPGA-RBF risk prediction method can predictive risk value accurately.

Hanene Boussi Rahmouni,Kamran Munir,Mohammed Odeh,Richard McClatchey

DOI: https://doi.org/10.48550/arXiv.1202.5482

2012-11-13

Abstract:There is widespread agreement that cloud computing have proven cost cutting and agility benefits. However, security and regulatory compliance issues are continuing to challenge the wide acceptance of such technology both from social and commercial stakeholders. An important facture behind this is the fact that clouds and in particular public clouds are usually deployed and used within broad geographical or even international domains. This implies that the exchange of private and other protected data within the cloud environment would be governed by multiple jurisdictions. These jurisdictions have a great degree of harmonisation; however, they present possible conflicts that are hard to negotiate at run time. So far, important efforts were played in order to deal with regulatory compliance management for large distributed systems. However, measurable solutions are required for the context of cloud. In this position paper, we are suggesting an approach that starts with a conceptual model of explicit regulatory requirements for exchanging private data on a multijurisdictional environment and build on it in order to define metrics for non-compliance or, in other terms, risks to compliance. These metrics will be integrated within usual data access-control policies and will be checked at policy analysis time before a decision to allow/deny the data access is made.

Distributed, Parallel, and Cluster Computing

Guo-yuan LIN,Shan HE,Hao HUANG,Ji-yi WU,Wei CHEN

2012-01-01

Abstract:In view of the current popular cloud computing technology,some security problems were analyzed.Based on BLP(Bell-LaPadula) model and Biba model,using the access control technology based on behavior to dynamic adjusting scope of subject's visit,it put forward the CCACSM ( cloud omputing access control security model).The model not only guarantees the cloud computing environment information privacy and integrity,and makes cloud computing environment with considerable flexibility and practical.At last,it gives the model's part,safety justice and realization process.

Jian Wang,Chunxiao Ye,Yangfei Ou

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2019.00092

2019-01-01

Abstract:Cloud computing have brought a lot of advantages, such as reducing the hardware cost and providing a convenient cloud storage service. More and more people choose to put their private data in the cloud. However, due to data outsourcing and seminal-trusted cloud servers, data access control has becoming a challenging issue. To protect data security and privacy, some ciphertext policy attribute-based encryption (CP-ABE) schemes have been applied to cloud data access control. However, there are two dynamic issues, namely attribute revocation and policy updating, that need to be solved in the existing CP-ABE schemes. In this paper, we propose a fine-grained dynamic multi-authority cloud data access control scheme, which can solve the above two problems. Besides, our scheme can also support user revocation, which make it more practical. The analysis and simulation results show that our scheme is secure in the random oracle model and is efficient.

Aiguo Chen,Guoming Lu,Hanwen Xing,Yuan Xie,Shunwei Yuan

DOI: https://doi.org/10.1177/1550147720921778

IF: 1.938

2020-01-01

International Journal of Distributed Sensor Networks

Abstract:With the rapid development of intelligent perception and other data acquisition technologies in the Internet of things, large-scale scientific workflows have been widely used in geographically distributed multiple data centers to realize high performance in business model construction and computational processing. However, insider threats pose very significant privacy and security risks to systems. Traditional access-control models can no longer satisfy the reasonable authorization of resources in these new cross-domain environments. Therefore, a dynamic and semantic-aware access-control model is proposed for privacy preservation in multiple data center environments, which implements a semantic dynamic authorization strategy based on an anomaly assessment of users’ behavior sequences. The experimental results demonstrate that this dynamic and semantic-aware access-control model is highly dynamic and flexible and can improve the security of the application system.

Yuding WANG,Jiahai YANG

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2017.26.059

2017-01-01

Abstract:The key cloud computing characteristics,such as data openness,elasticity,and sharing,complicate data access control.Traditional access control models cannot provide flexible,dynamic access control to large numbers of users with massive data files.This paper presents a data access control model based on the data's role and attribute for cloud computing.An attribute element is assigned to the data to provide role-based access control so that users can be assigned roles based on their own attributes and the tenant's attributes and current status,and can access data with different attributes.The paper illustrates the design of this model and the work processes and provides a theoretical security analysis.The results show that the model can provide dynamic,safe,fine grained access control for users accessing data in a cloud environment.

Yuchen Wu,Pingping Liu

DOI: https://doi.org/10.21307/ijanmc-2019-050

2019-01-01

Abstract:Abstract In order to ensure the security of data in cloud computing, a trust-role-based hybrid cloud computing access control model is proposed based on the combination of role-based and trust-based access control models. The model introduces the calculation of trust based on the role-based access control, that is, the user needs to verify the trust value in order to obtain the permission to access the data. Through the application in the local business system, it shows that the model can effectively solve the user’s legitimate access to the data in the cloud, that is, to protect the security of the data in the cloud. The trust-based access control model has good advantages in terms of system throughput and storage space. As the number of user requests increases, both access control methods increase significantly in terms of throughput, but when the number of user requests reaches 10, the system throughput of both access control methods decreases, but based on trust - The role’s access control method is always larger than the role-based access control method in terms of throughput, which roughly increases the total amount by about ten percent.

Wenan TAN -,Yicheng XU -,Ting ZHANG -,Xiang WEN -,Linshan Cui -,Chuanqun JIANG -

DOI: https://doi.org/10.4156/jdcta.vol5.issue7.16

2011-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Currently, the security issues of Web services are hot area in information system (IS). This research mainly discusses the key technologies of information access control focusing on following works: After analyzing the dynamic characteristic of application nature for Web services, a Dynamic Role-Based Access Control using Context and Trust model (abbreviated as CT-DRBAC) for Web services is proposed. During Web services, both the subject of invoking request and object of providing service resources are dynamic nature. So, access policies are needed to consider the dynamic nature. The proposed model has been developed and the authorization framework is discussed detail. In order to implement the dynamic trust management mechanism, a dynamic user role authorization algorithm which considers the user lifecycle contexts in the open systems is proposed and designed to meet the dynamic characteristic of subject and object effectively, and achieve intelligent and scientific user role assignments. The proposed access control module can be used in intelligent information systems to grant dynamically roles to users according to the current context.

Weiwei Lin,James Z. Wang,Chen Liang,Deyu Qi

DOI: https://doi.org/10.1016/j.proeng.2011.11.2568

2011-01-01

Abstract:Compared to traditional distributed computing paradigms, a major advantage of cloud computing is the ability to provide more reliable, affordable, flexible resources for the applications (or users). The need to manage the applications in cloud computing creates the challenge of on-demand resource provisioning and allocation in response to dynamically changing workloads. Currently most of these existing methods focused on the optimization of allocating physical resources to their associated virtual resources and migrating virtual machines to achieve load balance and increase resource utilization. Unfortunately, these methods require the suspension of the cloud computing applications due to the mandatory shutdown of the associated virtual machines. In this paper, we study the resource allocation at the application level, instead of studying how to map the physical resources to virtual resources for better resource utilization in cloud computing environment. We propose a threshold-based dynamic resource allocation scheme for cloud computing that dynamically allocate the virtual resources (virtual machines) among the cloud computing applications based on their load changes (instead of allocating resources needed to meet peak demands) and can use the threshold method to optimize the decision of resource reallocation. The proposed threshold-based dynamic resource allocation scheme is implemented by using CloudSim, and experimental results show the proposed scheme can improve resource utilization and reduce the user usage cost. (C) 2011 Published by Elsevier Ltd. Selection and/or peer-review under responsibility of [name organizer]

Yufu Wang,Mingwei Zhu,Jiaqiang Yuan,Guanghui Wang,Hong Zhou

2024-04-15

Abstract:Cloud computing (cloud computing) is a kind of distributed computing, referring to the network "cloud" will be a huge data calculation and processing program into countless small programs, and then, through the system composed of multiple servers to process and analyze these small programs to get the results and return to the user. This report explores the intersection of cloud computing and financial information processing, identifying risks and challenges faced by financial institutions in adopting cloud technology. It discusses the need for intelligent solutions to enhance data processing efficiency and accuracy while addressing security and privacy concerns. Drawing on regulatory frameworks, the report proposes policy recommendations to mitigate concentration risks associated with cloud computing in the financial industry. By combining intelligent forecasting and evaluation technologies with cloud computing models, the study aims to provide effective solutions for financial data processing and management, facilitating the industry's transition towards digital transformation.

Distributed, Parallel, and Cluster Computing,Artificial Intelligence

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/INFCOM.2010.5462174

2010-01-01

Abstract:Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.

Binyong Li,Fan Yang,Shaowei Zhang

DOI: https://doi.org/10.3390/math12162541

IF: 2.4

2024-08-19

Mathematics

Abstract:Traditional access control systems exhibit limitations in providing flexible authorization and fine-grained access in the face of increasingly complex and dynamic access scenarios. This paper proposes a context-aware risk access control model to address these challenges. By developing a multi-level contextual risk indicator system, the model comprehensively considers real-time contextual information associated with access requests, dynamically evaluates the risk level of these requests, and compares the outcomes with predefined risk policies to facilitate access decisions. This approach enhances the dynamism and flexibility of access control. To improve the accuracy and reliability of risk assessments, we propose a combination weighting method grounded in game theory. This method reconciles subjective biases and the limitations of objective data by integrating both subjective and objective weighting techniques, thus optimizing the determination process for risk factor weights. Furthermore, smart contracts are introduced to monitor user behavior during access sessions, thereby preventing malicious attacks and the leakage of sensitive information. Finally, the model's performance and authorization granularity are assessed through empirical experiments. The results indicate that the model effectively addresses the requirements of dynamic and fine-grained access scenarios, improving the system's adaptability to risk fluctuations while safeguarding sensitive information.

mathematics

Dawood Behbehani,Nikos Komninos,Khalid Al-Begain,Muttukrishnan Rajarajan

DOI: https://doi.org/10.1186/s13677-023-00454-2

2023-05-17

Journal of Cloud Computing

Abstract:Cloud computing adoption has been increasing rapidly amid COVID-19 as organisations accelerate the implementation of their digital strategies. Most models adopt traditional dynamic risk assessment, which does not adequately quantify or monetise risks to enable business-appropriate decision-making. In view of this challenge, a new model is proposed in this paper for assignment of monetary losses terms to the consequences nodes, thereby enabling experts to understand better the financial risks of any consequence. The proposed model is named Cloud Enterprise Dynamic Risk Assessment (CEDRA) model that uses CVSS, threat intelligence feeds and information about exploitation availability in the wild using dynamic Bayesian networks to predict vulnerability exploitations and financial losses. A case study of a scenario based on the Capital One breach attack was conducted to demonstrate experimentally the applicability of the model proposed in this paper. The methods presented in this study has improved vulnerability and financial losses prediction.

N.N.Thilakarathne,Dilani Wickramaaarachchi

DOI: https://doi.org/10.48550/arXiv.2011.07764

2020-11-16

Abstract:Cloud computing is considered as the one of the most dominant paradigm in field of information technology which offers on demand cost effective services such as Software as a service (SAAS), Infrastructure as a service (IAAS) and Platform as a service (PAAS).Promising all these services as it is, this cloud computing paradigm still associates number of challenges such as data security, abuse of cloud services, malicious insider and cyber-attacks. Among all these security requirements of cloud computing access control is the one of the fundamental requirement in order to avoid unauthorized access to a system and organizational assets. Main purpose of this research is to review the existing methods of cloud access control models and their variants pros and cons and to identify further related research directions for developing an improved access control model for public cloud data storage. We have presented detailed access control requirement analysis for cloud computing and have identified important gaps, which are not fulfilled by conventional access control models. As the outcome of the study we have come up with an improved access control model with hybrid cryptographic schema and hybrid cloud architecture and practical implementation of it. We have tested our model for security implications, performance, functionality and data integrity to prove the validity. We have used AES and RSA cryptographic algorithms to implement the cryptographic schema and used public and private cloud to enforce our access control security and <a class="link-external link-http" href="http://reliability.By" rel="external noopener nofollow">this http URL</a> validating and testing we have proved that our model can withstand against most of the cyber attacks in real cloud environment. Hence it has improved capabilities compared with other previous access control models that we have reviewed through literature.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Zechao Liu,Zoe L. Jiang,Xuan Wang,S.M. Yiu,Chunkai Zhang,Xiaomeng Zhao

DOI: https://doi.org/10.1109/TrustCom.2016.0055

2016-01-01

Abstract:Cloud storage service allows data owner to store their big data in the cloud and provides data access to the users. As the cloud server is not trustworthy, we cannot rely on the server to conduct data access control. To protect data security and privacy, Attribute-Based Encryption (ABE) is a promising technique for data access control in cloud storage, because it provides data owner more direct control on access policies. However, there are two dynamic issues, namely attribute revocation and policy updating, that should be solved first before deploying ABE in practice. In this paper, we design a dynamic attribute-based access control scheme, which can solve the above two problems simultaneously. Besides, our scheme can support large universe of attributes, which makes it more available in cloud storage system. The proposed scheme is proved statically secure in random oracle model.