Top

Cluster Computing

Published in:

01-02-2018

Survey of access control models and technologies for cloud computing

Authors: Fangbo Cai, Nafei Zhu, Jingsha He, Pengyu Mu, Wenxin Li, Yi Yu

Published in: Cluster Computing | Special Issue 3/2019

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Access control is an important measure for the protection of information and system resources to prevent illegitimate users from getting access to protected objects and legitimate users from attempting to access the objects in ways that exceed what they are allowed. The restriction placed on access from a subject to an object is determined by the access policy. With the rapid development of cloud computing, cloud security has increasingly become a common concern and should be dealt with seriously. In this paper, we survey access control models and policies in different application scenarios, especially for cloud computing, by following the development of the internet as the main line and by examining different network environments and user requirements. Our focus in the survey is on the relationships among different models and technologies along with the application scenarios as well as the pros and cons of each model. Special attention will be placed on access control for cloud computing, which is reflected in the summaries of the access control models and methods. We also identify some emerging issues of access control and point out some future research directions for cloud computing.

previous article Empirical research on rural e-commerce development level index system based on catastrophe progression method

next article The linear regression method of the influencing factors of cultural industry based on the classification of structural data sources

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Li, F.H., Xiong, J.B.: Access control technology for complex network environment. The people’s mail and telecommunications press (2015)

Bell, D.E., LaPadula, L.J.: Secure computer system: unified exposition and multics interpretation. DTIC Document, Mitre Corp Bedford MA, USA (1976)

Sandhu, R., Coyne, E.J., Feinstein, H.L., et al.: Role-based access control models. Computer 29(2), 38–47 (1996)

Sandhu, R., Bhamidipati, V., Munawer, Q.: The ARBAC97 mode for role-based administration of roles. ACM Trans. Inf. Syst. Secur. (TISSEC) 2(1), 105–135 (1999)

Sandhu, R., Munawer, Q.: The ARBAC99 model for administration of roles. In: Proceedings of 15th Annual Computer Security Applications Conference, pp. 229–238. IEEE, New York, NY, USA (1999)

Oh, S., Sandhu, R., Zhang, X.: An effective role administration model using organization structure. ACM Trans. Inf. Syst. Secur. (TISSEC) 9(2), 113–137 (2006)

Ferraiolo, D.F., Sandhu, R., Gavrila, S., et al.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(3), 224–274 (2001)

Thomas, R.K., Sandhu, R.: Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management. In: Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Security XI: Status and Prospects, pp. 166–181. Chapman & Hall, Ltd., London, UK (1998)

Oh, S., Park, S.: Task-role-based access control model. Inf. Syst. 28(6), 533–562 (2003)MATH

10.

Zhu, J.: Research on Group Perception and Access Control Technology in Role Coordination. College of computer science, Zhongshan University, Guangzhou (2009)

11.

Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2(1), 65–104 (1999)

12.

Knorr, K.: Dynamic access control through Petri net workflows. In: 16th Annual Conference on Computer Security Applications, pp. 159–167 (2000)

13.

Botha, R.A., Eloff, J.H.P.: Designing role hierarchies for access control in workflow systems. In: Proceedings of the 25th International Computer Software and Applications Conference, pp. 117–122. IEEE Computer Society, Washington, DC, USA (2001)

14.

Curry, S., Darbyshire, J., Fisher, D.W., Hartman, B., Herrod, S., Kumar, V., Martins, F. et al.: Infrastructure security: getting to the bottom of compliance in the cloud. The Security Division of EMC (2010)

15.

Kaur, P.J., Kaushal, S.: Security concerns in cloud computing. In: Proceedings of the HPAGC 2011. CCIS, vol. 169, pp. 103–112(2011)

16.

Shen, H.B., Hong, F.: Review of access control model. Appl. Res. Comput. 22(6), 9–11 (2005)

17.

Han, D.J., Gao, J., Zhai, H.L., et al.: Research progress of access control model. Comput. Sci. 37(11), 29–33 (2010)

18.

Lampson, B.W.: A scheduling philosophy for multiprocessing systems. Commun. ACM 11(5), 347–360 (1968)MATH

19.

Luo, Y., Wu, Z.H.: A new method of access control policy descriptive language and its authorization. J. Comput. 1-18 (2017)

20.

Cantor, S., Moreh, J., Philpott, R., Maler, E.: Metadata for the OASIS security assertion markup language (SAML) V2.0. OASIS Open, (2005)

21.

Gary, C., Sun, M.: OASIS service provisioning markup language (SPML) versions 2.0. OASIS Open (2006)

22.

Erik, R., Axiomatics, B.: OASIS extensible access control markup language (XACML) versions 3.0. OASIS Open (2013)

23.

Lv, S., Liu, L., Shi, L., et al.: Intelligent planning method based on automatic reasoning technology. J. Softw. 20(5), 1226–1240 (2009)MathSciNet

24.

Li, N., Tripunitaram, V.: Security analysis in role based access control. ACM Trans. Inf. Syst. Secur. 9(4), 391–420 (2006)

25.

Lin, B.G.: Analysis of extended information system security domain model. J. Commun. 9–14 (2009)

26.

Ye, Y., Lu, T., et al.: Triple helix model and its quantitative analysis methods. China Soft Sci. 11, 131–139 (2014)

27.

Liu, Q.: Role-based access control techniques, South China University of technology press, pp. 55–60 (2010)

28.

He, Z., Tian, J., Zhang, Y.: Style refinement and detection improvement of policy conflict. J. Jilin Univ. 25(3), 287–293 (2005). (in Chinese)

29.

Yao, J., Mao, B., Xie, L.: A DAG-based security policy conflicts detection method. J. Comput. Res. Dev. 42(7), 1108–1114 (2005). (in Chinese)

30.

Lupu, E.C., Sloman, M.: Conflicts in policy based distributed systems management. IEEE Trans. Softw. Eng. 25(6), 852–869 (1999)

31.

Cholvy, L., Cuppens, F.: Analyzing consistency of security policies. IEEE Symposium on Security & Privacy, IEEE, pp. 103–112 (1997)

32.

Li, X., Meng, L., Jiao, L.: Problems in results of policy conflict resolutions and detection and resolution methods in network management systems. J. Comput. Res. Dev. 43(7), 1297–1303 (2006). (in Chinese)

33.

Li, R.X., Lu, J.F., Li, T.Y., et al.: A method of inconsistency conflict resolution for access control strategy. J. Comput. 36(06), 1210–1223 (2013)

34.

Lu, J.F., Yan, X., Peng, H., Han, J.M.: An optimized strategy for inconsistent conflict resolution. J. Huazhong Univ.Sci.Technol. 42(11), 106–111 (2014)

35.

Feng, D.G., Zhang, M., Zhang, Y.: The security research of cloud computing. J. Softw. 22(1), 71–83 (2011)

36.

Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2(1), 65–104 (1999)

37.

Thomas, R.K., Sandhu, R.: Task-based authorization controls (TBAC): a family of models for active and enterprise oriented authorization management. In: Proceedings of the 11th IFIP WG11.3 Conference on Database Security, pp. 166–181. Lake Tahoe (1997)

38.

Li, F.H., Su, M., Shi, G.Z., Ma, J.F.: Research status and development trends of access control model. Chin. J. Electron. 40(4), 805–813 (2012). (in Chinese with English abstract)

39.

Botha, R.A., Eloff, J.H.P.: Designing role hierarchies for access control in workflow system. The 25th Annual International Computer Software and Applications Conference Chicago, pp. 117–122 (2001)

40.

Wang, X.W., Zhao, Y.M.: A task-role-based access control model for cloud computing. Comput. Eng. 38(24), 9–13 (2012)

41.

Deng, J.B., Hong, F.: Task-based access control model. J. Softw. 14(1), 76–96 (2003)MATH

42.

Park, S.: Task role based access control: an improved access control model for enterprise environment. The 11th International Conference in Database and Expert Systems Applications. pp. 264–273. London (2000)

43.

Androulaki, E., Soriente, C., Malisa, L. et al.: Enforcing location and time based access control on cloud stored data. The 34th International Conference on Distributed Computing systems. pp. 637–648 (2014)

44.

Li, F.H., Wang, W., Ma, J.F., et al.: Action based access control model. Chin. J. Electron. 17(3), 396–401 (2008)

45.

Li, F.H., Wang, W., Ma, J.F., et al.: Action based access control model and its behavior management. J. Electron. 36(10), 1881–1890 (2008)

46.

Li, F.H., Wang, W., Ma, J.F., et al.: The access control model of cooperative information system and its application. J. Commun. 29(9), 116–123 (2008)

47.

Li, F.H., Wang, W., Ma, J.F., et al.: Action based access control for web services. The 5th International Conference on Information Assurance and Security, pp. 637-642. Xi’an, (2009)

48.

Lin, G.Y., He, S., Huang, H., Wu, J.Y., Chen, W.: Access control security model based on behavior in cloud computing environment. J. Commun. 33(3), 59–66 (2012)

49.

Yuan, E., Tong, J., Zhao, Z.: Attributed based access control (ABAC) for web services. The IEEE International Conference on Web Services, Orlando, Florida. pp. 561–569 (2005)

50.

Wang, X.M., Fu, H., Zhang, C.L.: Research progress on properties based access control. J. Electron. 38(07), 1660–1667 (2010)

51.

Ei, E.M., Thinn, T.N.: The privacy-aware access control system using attribute-and role-based access control in private cloud. Proceedings of the 2011 4th IEEE IC-BNMT. pp. 447–451 (2011)

52.

Parkark, J., Sandhu, R.: Towards usage control models: Beyond traditional access control. Proceedings of the 7th ACM Symposium on Access Control Models and Technologies, pp. 57–64. ACM press, Monterey California (2002)

53.

Chu, X.B., Qin, Y.: A distributed control system based on trusted computing. J. Comput. 33(1), 93–102 (2010)

54.

Tavizi, T., Shajari, M., Dodangeh, P.: A usage control based architecture for cloud environments. Parallel and Distributed Processing Symposium Workshops & PhD Forum (IPDPSW), 2012 IEEE 26th International. pp. 1534–1539, IEEE (2012)

55.

Park, J., Sandhu, R.: The UCON ABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1), 128–174 (2004)

56.

Mounira, M., Rached, A., Ahmed, S.: Access control in probative value cloud. In: Proceedings of the 8th International Conference for Internet Technology and Secured Transactions (2013)

57.

Park, J., Zhang, X.W., Sandhu, R.: Attribute mutability in usage control. In: Proceedings of the Annual IFIP WG Working Conference on Data and Applications Security, pp. 15-29 (2004)

58.

Zhang, X.W., Nakae, M., Covington, M.J., et al.: Toward a usage-based security framework for collaborative computing systems. ACM Trans. Inf. Syst. Secur. 11(1), 1–36 (2008)

59.

Park, J.: Usage Control: A Unified Framework for Next Generation Access Control. George Mason University, Virginia (2003)

60.

Zhang, X.W., Parisi-Presicce, F., Sandhu, R., et al.: Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur. 8(4), 35–87 (2005)

61.

Dong, Q.X., Guan, Z., Chen, Z.: An overview of computational cryptography on cryptographic data. Appl. Res. Comput. 33(09), 2561–2572 (2016)

62.

Vipul, G., Amit, S., Omkant, P., Brent, W.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the ACM Conference on Computer and Communications Security. pp. 89-98 (2006)

63.

Ostrovsky, R., Sahai, A., Waters, B.: Attribute-Based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM Conference on Computer and Communications Security. pp. 1–17. ACM Press, New York (2007)

64.

Attrapadung, N., Imai, H.: Conjunctive broadcast and attribute-based encryption. In: Shacham, H., Waters, B. (eds.) Pairing-Based Cryptography-Pairing 2009, pp. 248–265. Springer-Verlag, Berlin (2009)MATH

65.

Shu, J.S., Cao, D., Wang, X.F.: Attribute based encryption mechanism. J. Softw. 22(6), 1299–1315 (2011)MathSciNetMATH

66.

Xiong, J.B., Yao, Z.Q., Ma, J.F., et al.: A portfolio document model and access control scheme in a cloud computing environment. J. Xi’an Jiao Tong Univ. 48(2), 25–31 (2014)

67.

Liu, X., Zhang, Y., Wang, B.: Mona: secure multi-owner data sharing for dynamic groups in the cloud. IEEE Trans. Parallel Distrib. Syst. 24(6), 1182–1192 (2013)

68.

Chen, S.H., Chen, R.J.: Dealer less multi server timed release encryption scheme with privacy preserving encoding. The Second International Conference on Information Security and Digital Forensics, p. 1 (2005)

69.

Unruh, D.: Revocable quantum timed release encryption. The 33th Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 129–146. Springer Verlag, Copenhagen, Heidelberg (2014)

70.

Zhou, L., Varadharajan, V., Hitchens, M.: Enforcing role based access control for secure data storage in the cloud. Comput. J. 54(10), 1675–1687 (2011)

71.

Zhu, Y., Hu, H.X., et al.: Provably secure role based encryption with revocation mechanism. J. Comput. Sci. Technol. 26(4), 697–710 (2011)MathSciNetMATH

72.

Shamir, A.: Identity Based Crypto Systems and Signature Schemes. CRYPTO 84 on Advances in Cryptology. Springer Verlag, New York (1985)

73.

Sahai, A., Waters, B.: Fuzzy identity based encryption. The 24th Annual International Conference on Theory and Applications of Cryptographic Techniques, pp. 457–473. Springer Verlag, Berlin Heidelberg (2005)

74.

Wang, Y.D., Yang, J.H., Xu, C., et al.: Survey on access control technologies for cloud computing. J. Softw. 26(5), 1129–1150 (2015)MathSciNet

Title: Survey of access control models and technologies for cloud computing
Authors: Fangbo Cai
Nafei Zhu
Jingsha He
Pengyu Mu
Wenxin Li
Yi Yu
Publication date: 01-02-2018
Publisher: Springer US
Published in: Cluster Computing / Issue Special Issue 3/2019
Print ISSN: 1386-7857
Electronic ISSN: 1573-7543
DOI: https://doi.org/10.1007/s10586-018-1850-7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Special Issue 3/2019

Secondary parallel automatic parking of endpoint regionalization based on genetic algorithm

An object tracking method based on Mean Shift algorithm with HSV color space and texture features

A revised framework of machine learning application for optimal activity recognition

Study of range-extended target detection performance based optimized EBSPK signals

Privacy protection and integrity verification of aggregate queries in cloud computing

Improved cluster collaboration algorithm based on wolf pack behavior

Premium Partner