N.N.Thilakarathne,Dilani Wickramaaarachchi

DOI: https://doi.org/10.48550/arXiv.2011.07764

2020-11-16

Abstract:Cloud computing is considered as the one of the most dominant paradigm in field of information technology which offers on demand cost effective services such as Software as a service (SAAS), Infrastructure as a service (IAAS) and Platform as a service (PAAS).Promising all these services as it is, this cloud computing paradigm still associates number of challenges such as data security, abuse of cloud services, malicious insider and cyber-attacks. Among all these security requirements of cloud computing access control is the one of the fundamental requirement in order to avoid unauthorized access to a system and organizational assets. Main purpose of this research is to review the existing methods of cloud access control models and their variants pros and cons and to identify further related research directions for developing an improved access control model for public cloud data storage. We have presented detailed access control requirement analysis for cloud computing and have identified important gaps, which are not fulfilled by conventional access control models. As the outcome of the study we have come up with an improved access control model with hybrid cryptographic schema and hybrid cloud architecture and practical implementation of it. We have tested our model for security implications, performance, functionality and data integrity to prove the validity. We have used AES and RSA cryptographic algorithms to implement the cryptographic schema and used public and private cloud to enforce our access control security and <a class="link-external link-http" href="http://reliability.By" rel="external noopener nofollow">this http URL</a> validating and testing we have proved that our model can withstand against most of the cyber attacks in real cloud environment. Hence it has improved capabilities compared with other previous access control models that we have reviewed through literature.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Abdullah Alabdulatif,Navod Neranjan Thilakarathne,Kassim Kalinaki

DOI: https://doi.org/10.3390/electronics12122646

IF: 2.9

2023-06-13

Electronics

Abstract:In the context of healthcare, big data refers to a complex compilation of digital medical data collected from many sources that are difficult to manage with normal technology and software due to its size and complexity. These big data are useful in various aspects of healthcare, such as disease diagnosis, early prevention of diseases, and predicting epidemics. Even though medical big data has many advantages and a lot of potential for revolutionizing healthcare, it also has a lot of drawbacks and problems, of which security and privacy are of the utmost concern, owing to the severity of the complications once the medical data is compromised. On the other hand, it is evident that existing security and privacy safeguards in healthcare organizations are insufficient to protect their massive, big data repositories and ubiquitous environment. Thus, motivated by the synthesizing of the current knowledge pertaining to the security and privacy of medical big data, including the countermeasures, in the study, firstly, we provide a comprehensive review of the security and privacy of medical big data, including countermeasures. Secondly, we propose a novel cloud-enabled hybrid access control framework for securing the medical big data in healthcare organizations, and the result of this research indicates that the proposed access control model can withstand most cyber-attacks, and it is also proven that the proposed framework can be utilized as a primary base to build secure and safe medical big data solutions. Thus, we believe this research would be useful for future researchers to comprehend the knowledge on the security and privacy of medical big data and the development of countermeasures.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jianting Ning,Xinyi Huang,Willy Susilo,Kaitai Liang,Ximeng Liu,Yinghui Zhang

DOI: https://doi.org/10.1109/tdsc.2020.3011525

2020-01-01

Abstract:Cloud-based data storage service has drawn increasing interests from both academic and industry in the recent years due to its efficient and low cost management. Since it provides services in an open network, it is urgent for service providers to make use of secure data storage and sharing mechanism to ensure data confidentiality and service user privacy. To protect sensitive data from being compromised, the most widely used method is encryption. However, simply encrypting data (e.g., via AES) cannot fully address the practical need of data management. Besides, an effective access control over download request also needs to be considered so that Economic Denial of Sustainability (EDoS) attacks cannot be launched to hinder users from enjoying service. In this article, we consider the dual access control, in the context of cloud-based storage, in the sense that we design a control mechanism over both data access and download request without loss of security and efficiency. Two dual access control systems are designed in this article, where each of them is for a distinct designed setting. The security and experimental analysis for the systems are also presented.

xiao wei gao,ze min jiang,Rui Jiang

DOI: https://doi.org/10.4028/www.scientific.net/AMR.756-759.2649

2012-01-01

Advanced Materials Research

Abstract:Recently, Hota et al. present a Capability-based Cryptographic Data Access Control in Cloud Computing. This scheme implements data storage, user authorization, data access and integrity checking. However, we find two fatal attacks in the data exchange between CSP and User. These attacks makes a registered user can intercept another legal user's file and decipher it. To avoid these attacks, we give an improvement to Hota et al's scheme and can resist theses attacks. Meantime, to make Hota's scheme be applicable, we propose a novel data access protocol in cloud computing. Our scheme guarantees data confidentiality and secure data access between User and CSP. Security analysis shows that the scheme can resist various attacks.

Sathish Chander Krishnan

DOI: https://doi.org/10.1016/j.future.2024.04.054

IF: 7.307

2024-05-19

Future Generation Computer Systems

Abstract:– The Internet of Things is susceptible to seepage of private information during the data sharing. To circumvent this problem, access control and secure data sharing have been familiarized in cloud- IoT which is prevalent now days due to it storage and data access services. An intrusion detection implementation defends the veracity of the data sharing confining record are stored in a data base by recognizing when something changed unpredictably so that security and privacy are major anxieties. Therefore, it is crucial to develop the security apparatus that perceive and mitigate any feasible attack in cloud security services. In this paper, we proposed secure access control method with two-fold revocation for ensuring cloud computing security by hybrid blockchain (AI-Hybrid chain). Initially, all the users and services are registered their credentials to Secure Agent (SA) and provides image-based user authentication. Then, SA provides a long-term secret key which is generated by Improved Advanced Encryption Standard (IAES) algorithm, both user and service credentials are encrypted and stored in cloud chain. After that, gateway verifies the incoming requests are legitimate or illegitimate. For verifying the incoming packets, the proposed work utilizes Di-Fuzzy Inference System (Di-FIS) based on effective metrics. Further, legitimate request is optimally classified as sensitive and non-sensitive request for achieving secure service allocation using Tomtit Flock Optimization algorithm (TFO) based on optimal features. Once the service is allocated to users, we perform novel access control mechanism based on role and attribute of the users, the trust can be validated using Transfer Learning based Double Deep Q Network (TL-DDQN). Furthermore, virtual firewall is deployed in the cloud environment for analyzing the user storage request traffic as normal validated using Transfer Learning based Double Deep Q Network (TL-DDQN). Furthermore, virtual firewall is deployed in the cloud environment for analyzing the user storage request traffic as normal and malicious based on Contractive Residual Network (Con-ResNet). The implementation of proposed work is conducted by Network Simulator – 3.26 and the performance of the proposed AI-Hybrid chain model is itemized based on various performance metrics in terms of attack detection rate, overhead, success ratio, throughput, traffic rate, delay, response time and unauthorized access.

computer science, theory & methods

Tonglai Liu,Jigang Wu,Jiaxing Li,Jingyi Li,Yidong Li

DOI: https://doi.org/10.1002/cpe.6383

2021-01-01

Concurrency and Computation Practice and Experience

Abstract:SummaryAccess control is an important technique in information security that allows legitimate users to gain access to and prevent unauthorized users from getting access to resources in a system. The restriction between access from a user and a shared file of the data owner can be determined by the access policy. In most existing access control models, it is assumed that all entities, including users, the third party, and cloud service provider (CSP), are in the same trust domain. However, in cloud computing environments, it is usually assumed that the CSP cannot be fully trusted, and the data owner (DO) is desired to have the absolute initiative to control data access. This article proposes a blockchain‐based access control scheme for cloud computing, in which the DO maintains an access matrix to describe the access policy. Then, the public keys of all nodes and the access matrix are stored in the blockchain, to ensure the security of the proposed scheme. The DOs can encrypt the large shared files once using a symmetric key in a long time. And they also can encrypt the symmetric key in parallel using the public key of authorized users in a short time. Security analysis proves that the proposed scheme is able to prevent outsourced files from unauthorized access and collusion attack. Experimental results show that the proposed scheme outperforms the existing baselines in terms of overheads on computation and storage. On average, the computation overhead of the proposed scheme is lower than that of the scheme SVPAC, PpBAC, and Timely CP‐ABE by 25.37%, 45.46%, and 36.44%, respectively. The communication overhead of the proposed scheme is lower than that of the scheme Timely CP‐ABE by 17.16%, and it is more secure, although it is higher than that of the scheme SVPAC and PpBAC by 5.88% and 39.05%. And the storage overhead of the proposed scheme is lower than that of the scheme SVPAC, PpBAC, and Timely CP‐ABE by 59.36%, 20.25%, and 61.88%, respectively.

D. Praveena,P. Rangarajan

DOI: https://doi.org/10.1007/s11042-018-6339-0

IF: 2.577

2018-07-04

Multimedia Tools and Applications

Abstract:Cloud computing facilitates the enormous support of the public, business and emerging applications such as healthcare and nature disasters. Based on their services and characteristics, it can be classified as private cloud and public cloud. In this scenario, we need these two kinds of cloud services for an organization to provide the better service to the society. For that purpose, introduced a new cloud service called hybrid cloud service which is the combination of both private and public cloud. Security to the cloud environment is a challenging issue today especially for the hybrid cloud due to the combination of both. Many security mechanisms available in the literature but these are not achieved the sufficient level of security. For this purpose, we propose a new machine learning application for providing security to the hybrid cloud networks while storing the data and retrieving or accessing the data from the cloud. This proposed algorithm combines an existing Enhanced C4.5, newly proposed deduplication processing algorithm and the newly proposed dynamic access control mechanism. Moreover, we introduce a new deduplication processing algorithm for secure storage and retrieval without duplication or redundancy. In addition, a newly proposed dynamic access control mechanism called Dynamic Spatial Role Based Access Control Algorithm is also used in the proposed security framework. The proposed security framework has been implemented and also evaluated that the security level of the hybrid cloud while storing, retrieving and accessing the data from the cloud database.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Tabassum N. Mujawar,Lokesh B. Bhajantri

DOI: https://doi.org/10.4018/ijcac.308273

2022-09-08

International Journal of Cloud Applications and Computing

Abstract:Cloud computing delivers various resources and services to users over internet. At present many businesses and individual users are adopting cloud services to avail benefits such as, less time, less cost, less management, and maintenance. Still, security is the primary issue that must be tackled and one of the security issues is access control mechanism. The most widely used access control method includes Ciphertext Policy Attribute based Encryption, which is encrypted access control scheme. In order to ensure trustworthy and encrypted access control, a trusted hierarchical access structure based encryption scheme is proposed in this paper. The proposed scheme uses hierarchical access structure to encrypt multiple messages and avoid generation of multiple ciphertexts. The trust evaluation component is also integrated with the proposed access control mechanism. An efficient method to assign trust level for service providers and data users by utilizing their behavioral parameters is proposed in the paper.

Yuding WANG,Jiahai YANG

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2017.26.059

2017-01-01

Abstract:The key cloud computing characteristics,such as data openness,elasticity,and sharing,complicate data access control.Traditional access control models cannot provide flexible,dynamic access control to large numbers of users with massive data files.This paper presents a data access control model based on the data's role and attribute for cloud computing.An attribute element is assigned to the data to provide role-based access control so that users can be assigned roles based on their own attributes and the tenant's attributes and current status,and can access data with different attributes.The paper illustrates the design of this model and the work processes and provides a theoretical security analysis.The results show that the model can provide dynamic,safe,fine grained access control for users accessing data in a cloud environment.

Mounira Msahli,Xiuzhen Chen,Ahmed Serhrouchni

DOI: https://doi.org/10.1109/ICEBE.2014.56

2014-01-01

Abstract:The centerpiece of an efficient Cloud security architecture is a well-defined access control policy. In literature we can find several access control models such as the Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC) and the latest one Usage Control Authorization, oBligation and Condition (UCONABC). The UCONABC is very suitable for the context of distributed systems like cloud computing but it doesn't give any implementation method. In this paper we define the profile centric model using graph formalism and its implementation using matrix. We define the profile as the combination of all possible authorization, obligation, condition, role, etc... and other access parameters like attributes that we can found in Cloud system. We discuss its application using three matrixes (profile definition, profile inheritance and user assignment). Profile centric modeling is an optimum paradigm to define access control policy in complex distributed and elastic system like cloud computing. The proposed solution is validated and implemented over Hadoop distributed file system in the context of Safe Box as a service.

Ala Mughaid,Ibrahim Obeidat,Laith Abualigah,Shadi Alzubi,Mohammad Sh. Daoud,Hazem Migdady

DOI: https://doi.org/10.1007/s10207-024-00832-0

2024-03-20

International Journal of Information Security

Abstract:Users of computer networks may benefit from cloud computing, which is a fairly new abstraction that offers features like processing as well as the sharing and storing of data. As a result of the services it provides, cloud computing is drawing significant investments from across the world. Despite this, Cloud Computing Security continues to be one of the most important issues for businesses and consumers that use cloud computing systems. A few of the security flaws that are associated with cloud computing were passed down from earlier computer systems. In contrast, the other flaws were brought about by the distinctive qualities and design of cloud computing. The newly developed platform has measures that restrict data access to just those users who are authorized to do so. Using the user's identification and authentication/authorization information, a third-party service is responsible for managing access to the data. This service checks on all requests. Sensitive information and facts pertaining to users are encrypted both while in transit and while being stored. The platform was put into operation, analysed, and compared to other cloud platforms that were already in existence in terms of how effective it was in comparison to other platforms. When compared to the other security platforms, the findings demonstrated that this platform performed as anticipated in a relatively short amount of time and offered robust protection against the acts of an intruder.

computer science, information systems, theory & methods, software engineering

Reetu Gupta,Priyesh Kanungo,Nirmal Dagdee,Golla Madhu,Kshira Sagar Sahoo,N Z Jhanjhi,Mehedi Masud,Nabil Sharaf Almalki,Mohammed A AlZain

DOI: https://doi.org/10.3390/s23052617

2023-02-27

Abstract:With continuous advancements in Internet technology and the increased use of cryptographic techniques, the cloud has become the obvious choice for data sharing. Generally, the data are outsourced to cloud storage servers in encrypted form. Access control methods can be used on encrypted outsourced data to facilitate and regulate access. Multi-authority attribute-based encryption is a propitious technique to control who can access encrypted data in inter-domain applications such as sharing data between organizations, sharing data in healthcare, etc. The data owner may require the flexibility to share the data with known and unknown users. The known or closed-domain users may be internal employees of the organization, and unknown or open-domain users may be outside agencies, third-party users, etc. In the case of closed-domain users, the data owner becomes the key issuing authority, and in the case of open-domain users, various established attribute authorities perform the task of key issuance. Privacy preservation is also a crucial requirement in cloud-based data-sharing systems. This work proposes the SP-MAACS scheme, a secure and privacy-preserving multi-authority access control system for cloud-based healthcare data sharing. Both open and closed domain users are considered, and policy privacy is ensured by only disclosing the names of policy attributes. The values of the attributes are kept hidden. Characteristic comparison with similar existing schemes shows that our scheme simultaneously provides features such as multi-authority setting, expressive and flexible access policy structure, privacy preservation, and scalability. The performance analysis carried out by us shows that the decryption cost is reasonable enough. Furthermore, the scheme is demonstrated to be adaptively secure under the standard model.

Chao-sheng FENG,Zhi-guang QIN,Ding YUAN,Yu QING

DOI: https://doi.org/10.3969/j.issn.0372-2112.2015.02.017

2015-01-01

Abstract:The loss of on-board domain and appearance of multi-tenant context bring some new problems and challenges to access control .In this paper ,these problems are listed and the reasons are analyzed first .And then ,aiming at these problems ,the corresponding solutions and techniques are introduced in terms of identity provision ,authentication ,authorization ,identity federation and single sign-on .Next ,latest works about access control of cloud computing are reviewed in terms of access control models ,at-tribute based access control of cipher text ,and access control of outsourcing data .At last ,the trend of study on access control of cloud computing is analyzed and predicted .

Md Shahidur Rahaman,Sadia Nasrin Tisha,Eunjee Song,Tomas Cerny

DOI: https://doi.org/10.3390/s23073413

IF: 3.9

2023-03-25

Sensors

Abstract:Protecting the resources of a cloud-native application is essential to meet an organization's security goals. Cloud-native applications manage thousands of user requests, and an organization must employ a proper access control mechanism. However, unfortunately, developers sometimes grumble when designing and enforcing access decisions for a gigantic scalable application. It is sometimes complicated to choose the potential access control model for the system. Cloud-native software architecture has become an integral part of the industry to manage and maintain customer needs. A microservice is a combination of small independent services that might have hundreds of parts, where the developers must protect the individual services. An efficient access control model can defend the respective services and consistency. This study intends to comprehensively analyze the current access control mechanism and techniques utilized in cloud-native architecture. For this, we present a systematic mapping study that extracts current approaches, categorizes access control patterns, and provides developers guidance to meet security principles. In addition, we have gathered 234 essential articles, of which 29 have been chosen as primary studies. Our comprehensive analysis will guide practitioners to identify proper access control mechanisms applicable to ensuring security goals in cloud-native architectures.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Tu Shanshan,Huang Yongfeng

DOI: https://doi.org/10.1109/cc.2015.7385527

2015-01-01

China Communications

Abstract:This paper proposes a new access architecture onmobile cloud, which introduces a middle layer sitting between mobile devices and their cloud infrastructure. This middle layer is composed of cloudlets which are deployed by cloud services providers, such as wireless network access points (APs), to improve the performance of mobile cloud servicesand be different from traditional mobile operator mode. Then based on this new architecture,we improve our previous (Attribute-basedencryption) ABE access control scheme on cloud for mobile cloud, which is proposed to offload the main amount of computations to the cloudlet as the function of cloud. Simulationresults demonstratethe new access control scheme takes into consideration response time constraints and network statusof access task execution, while satisfying certain network security for mobile cloud.

Naveed Khan,Zhang Jianbiao,Huhnkuk Lim,Jehad Ali,Intikhab Ullah,Muhammad Salman Pathan,Shehzad Ashraf Chaudhry

DOI: https://doi.org/10.1186/s13677-023-00464-0

2023-01-01

Journal of Cloud Computing Advances Systems and Applications

Abstract:Through the broad usage of cloud computing and the extensive utilization of next-generation public clouds, people can share valuable information worldwide via a wireless medium. Public cloud computing is used in various domains where thousands of applications are connected and generate numerous amounts of data stored on the cloud servers via an open network channel. However, open transmission is vulnerable to several threats, and its security and privacy are still a big challenge. Some proposed security solutions for protecting next-generation public cloud environments are in the literature. However, these methods may not be suitable for a wide range of applications in a next-generation public cloud environment due to their high computing and communication overheads because if security protocol is strengthened, it inversely impacts performance and vice versa. Furthermore, these security frameworks are vulnerable to several attacks, such as replay, denial-of-service (DoS), insider, server spoofing, and masquerade, and also lack strong user anonymity and privacy protection for the end user. Therefore, this study aims to design an elliptic curve cryptographic (ECC) based data access control protocol for a public cloud environment. The security mechanism of the proposed protocol can be verified using BAN (Burrows-Abadi-Needham) logic and ProVerif 2.03, as well as informally using assumptions and pragmatic illustration. In contrast, in the performance analysis section, we have considered the parameters such as the complexity of storage overheads, communication, and computation time. As per the numerical results obtained in the performance analysis section, the proposed protocol is lightweight, robust, and easily implemented in a practical next-generation cloud computing environment.

Fangbo Cai,Nafei Zhu,Jingsha He,Pengyu Mu,Wenxin Li,Yi Yu

DOI: https://doi.org/10.1007/s10586-018-1850-7

2018-01-01

Cluster Computing

Abstract:Access control is an important measure for the protection of information and system resources to prevent illegitimate users from getting access to protected objects and legitimate users from attempting to access the objects in ways that exceed what they are allowed. The restriction placed on access from a subject to an object is determined by the access policy. With the rapid development of cloud computing, cloud security has increasingly become a common concern and should be dealt with seriously. In this paper, we survey access control models and policies in different application scenarios, especially for cloud computing, by following the development of the internet as the main line and by examining different network environments and user requirements. Our focus in the survey is on the relationships among different models and technologies along with the application scenarios as well as the pros and cons of each model. Special attention will be placed on access control for cloud computing, which is reflected in the summaries of the access control models and methods. We also identify some emerging issues of access control and point out some future research directions for cloud computing.

Hua Zhang,Fang Lou,Hao Wang,Zhihong Tian

DOI: https://doi.org/10.1109/icisce.2018.00100

2018-01-01

Abstract:One of the most promising applications in cloud computing is online data sharing. How to share user data safely and efficiently has become one of the most challenging problems in cloud computing. Encryption attribute access control is a powerful guarantee against unauthorized users from accessing sensitive data in the cloud. However, it only increases the difficulty of illegal data access. It does not know whether data has illegal access in time, nor can it adopt timely optimization and adjustment of access control policies. Based on the encryption attribute access control strategy, this paper provides a data protection model, and provides a data access detection algorithm, forms a closed-loop control, provides timely feedback evidence for continuous optimization of data access control strategies, and improves data protection's integrity.

Bayan A. Alenizi,Mamoona Humayun,NZ Jhanjhi

DOI: https://doi.org/10.1088/1742-6596/1979/1/012038

2021-01-01

Journal of Physics Conference Series

Abstract:The idea of Cloud Computing (CC) provides dynamically scalable services that are delivered over the Internet as a service. The key driver of the cloud is economic benefits, as it aims to minimize capital expenditure as well as operating expenditure. There are still some problems to be overcome in order for this to become reality. One of the important issue is security and privacy concerns, which has been addressed by many researchers but still the problem persist. Security assurance is an important driver for cloud adoption and for increasing cloud deployment. To provide a detailed overview of existing cloud security challenges and mitigation strategies, this paper provides a comprehensive survey of underlying cloud security and privacy issues and concerns along with countermeasures. Further; as a contribution in research, we have provided a framework to address the security and privacy concerns in CC. Proposed framework uses hybrid authentication mechanism for the security of CC. The study provides a deeper insight to the researchers and practitioners about CC and underlying security and privacy concerns along with countermeasures and a novel solution.

Niu Shaozhang,Tu Shanshan,Huang Yongfeng

DOI: https://doi.org/10.1049/cje.2015.07.015

IF: 1.019

2015-01-01

Chinese Journal of Electronics

Abstract:Cloud computing services have got rapid development in the field of the lightweight terminal, especially wireless communications. The comprehensive access control system framework is proposed for the cloud. A kind of access control scheme based on attribute encryption is designed, in which lightweight devices can safely use cloud computing resources to outsource encrypt/decrypt operations, and not worry for exposing terminal sensitive data. The scheme is verified by performance evaluation about the security, computing, storage, to ensure the legitimate interests of users in the cloud.