Book Chapter

Enhanced Role-Based Access Control for Cloud Security

01 Jan 2015-pp 837-852
TL;DR: This paper shows how the existing security standards such as XACML can be used to create and manage the policies of RBACcs, and proposes a few extensions to the existing system that can be made based on the security needs.
Abstract: There has been significant work done on access control previously. The proposed access control system is aiming at providing more security to enterprise resource on cloud by limiting the access of resources. Each enterprise has a different hierarchical structure based on their organizational policy. This organizational hierarchy is built using various roles that are interdependent on each other. Therefore, instead of defining the access policy for each user, the system defines access for each role. There are many standards which are available for access control such as XACML and SAML. The proposed system uses the concept of XACML for designing the policies. In addition to this feature, the system has a role request module that enables the user to hold other roles as well. This project provides a security solution via RBAC system for cloud security (RBACcs) to improve the security of data on cloud. This paper shows how the existing security standards such as XACML can be used to create and manage the policies of RBACcs. These policies are defined and designed according to current business scenario. The paper also studies the existing work done on cloud security and gives a comparative study between the proposed and the existing systems. In the end, we also proposed a few extensions to the existing system that can be made based on the security needs.
Citations
Journal Article
TL;DR: A long 512-bit Deoxyribonucleic Acid (DNA) based key sequence has been used for improving the data security, and it is secured against the collision attack, man-in-the-middle attack, internal attack, etc.

49 citations

Proceedings Article
01 Feb 2017
TL;DR: All the issues of cloud computing, including access control and data security, are discussed, and future work directions are identified for the cloud computing environment.
Abstract: Nowadays, access control and data security are two most critical problems with cloud computing. Access control can be defined as a procedure by which users can access data from the cloud server. At the time of accessing data, there are many problems, such as data security, high data accessing time, data lost, overhead, data redundancy, etc. In the first part of this paper, a brief discussion of fundamentals of cloud computing are presented. Moreover, all the issues of cloud computing are also discussed in this paper. Finally, future work directions have been identified for the cloud computing environment.

30 citations


Cites background from "Enhanced Role-Based Access Control ..."

  • ...Many access control schemes have been already proposed for cloud computing [4-12]....


Journal Article
TL;DR: A new table based access control model has been proposed for cloud computing environment and both the performance analysis and experimental results prove that the proposed scheme is more efficient and effective than existing schemes.
Abstract: Cloud computing is very lucrative technology because of its cost effectiveness, efficiency, flexibility, pay-per-use and scalability. With these advantages, cloud computing has many issues, and some existing issues have become very critical. Access control and security are two critical issues of cloud computing. Access control is a method, which allows a customer or user to access a data, file or any kind of resources from a system. In this paper, a new table based access control model has been proposed for cloud computing environment. The proposed scheme is very efficient because it can minimize many problems, such as high data accessing time, high searching time for providing the public key of the data owner, maintenance of the database, etc. Both the performance analysis and experimental results prove that the proposed scheme is more efficient and effective than existing schemes.

21 citations


Cites background from "Enhanced Role-Based Access Control ..."

  • ...Many researchers proposed many Access Control Models (ACM) for efficient, high performance and secured data accessing in the cloud computing environment [8-18]....


Journal Article
TL;DR: This Trust-Based Access Control Model for Healthcare System (TBACMHS) framework is composed of the trust mechanism, trust model, and access control policies, which enhance the accuracy and efficiency of the system.
Abstract: An important issue in the Cloud-Based Electronic Healthcare System (CBEHS) is to protect the sensitive data and resources from the untrusted user. Enforcing the protection in the CBEHS, the access control model plays an important role. Access control is a security mechanism that checks every request of the data to identify the legitimate user. The access request will be granted or denied with the help of preconfigured access control policies. Although, in the previous years, many access control methods, techniques, and models have been proposed, but due to changing user’s behavior and security requirements in the CBEHS, the models suffer from several attacks and threats like Sybil attacks, collusion attack, insider attack, service hijacking, misuse of health data, and impersonation attack, etc. Due to this type of attack, the healthcare data and resources become more vulnerable. In this paper, we have proposed an access control model which is based on the trustworthiness of the requested user. This Trust-Based Access Control Model for Healthcare System (TBACMHS) framework composed of the trust mechanism, trust model, and access control policies which enhance the accuracy and efficiency of the system. This access control framework will ensure the only trusted and authorized user can access the data and resources. The detail design and presentation of the model show that the accuracy and efficiency of the CBEHS are more as compared to other trust models.

18 citations

Journal Article
01 May 2016
TL;DR: The TURA-RBAC scheme, a new trusted role-based access control (RBAC) model, could not only reduce the damage from InTs but also allow easy implementation of trusted RBAC.
Abstract: The generalized trusted user-to-role assignment role-based access control (TURA-RBAC) scheme is first integrated and proposed in this paper, which is a new trusted role-based access control (RBAC) model. It could give a solution to cope with the problem on when many malicious users who want to launch insider threats (InTs) are assigned to an RBAC system. In the other words, the untrusted case is a type of InTs. The approach takes the advantages via soft computing approaches which are chosen by the system to evaluate each user in same interactive session. Upon finding some malicious access content, the user will be denied access to the role as well as the role-based RSA key. The main contributions are described as the following: first, this scheme designs a user-to-role assignment utilizing content awareness via soft computing techniques. Second, a novel generalization model of trusted RBAC is defined in this paper, which adds a new role-to-key assignment into the trusted RBAC model. Third, both the RSA algorithm and AKL approach are combined together into the role hierarchy structure in the TURA-RBAC model. Fourth, the dynamic change in role-to-key assignment in the role hierarchy is designed in this paper. In addition, the scheme provides a scheme that could achieve not only reduce the damage from InTs, but also easy implementation for trusted RBAC. In the end, the discussions, comparisons and security analyses are also presented in this paper.

16 citations

References
Proceedings Article
26 Jul 2000
TL;DR: The NIST model focuses on those aspects of RBAC for which consensus is available and is organized into four levels of increasing functional capabilities called flat RBAC, hierarchical RBAC, constrained RBAC and symmetric RBAC.
Abstract: This paper describes a unified model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks to resolve this situation by unifying ideas from prior RBAC models, commercial products and research prototypes. It is intended to serve as a foundation for developing future standards. RBAC is a rich and open-ended technology which is evolving as users, researchers and vendors gain experience with it. The NIST model focuses on those aspects of RBAC for which consensus is available. It is organized into four levels of increasing functional capabilities called flat RBAC, hierarchical RBAC, constrained RBAC and symmetric RBAC. These levels are cumulative and each adds exactly one new requirement. An alternate approach comprising flat and hierarchical RBAC in an ordered sequence and two unordered features—constraints and symmetry—is also presented. The paper furthermore identifies important attributes of RBAC not included in the NIST model. Some are not suitable for inclusion in a consensus document. Others require further work and agreement before standardization is feasible.

967 citations

Book
04 Sep 2009
TL;DR: This book, written by recognized authorities in the tech security world, addresses issues that affect any organization preparing to use cloud computing as an option and provides the detailed information on cloud computing security that has been lacking, until now.
Abstract: This book, written by recognized authorities in the tech security world, addresses issues that affect any organization preparing to use cloud computing as an option. Cloud computing has emerged as a popular way for corporations to save money that would otherwise go into their IT infrastructure. However, along with the promise of cloud computing there has also been considerable skepticism about the type and extent of security and privacy that these services provide. Cloud Security and Privacy walks you through the steps you need to take to ensure your web applications are secure and your data is safe, and addresses regulatory issues such as audit and compliance. Ideal for IT personnel who need to deliver and maintain applications in the cloud, business managers looking to cut costs, service providers, and investors, this book provides the detailed information on cloud computing security that has been lacking, until now.

555 citations

Proceedings Article
06 Nov 1997
TL;DR: In this article, the authors describe the motivation, intuition and outline of a new model for RBAC administration called ARBAC97 (administrative RBAC ‘97), and introduce additional concepts in developing RRA97.
Abstract: In role-based access control (RBAC) permissions are associated with roles, and users are made members of roles thereby acquiring the roles’ permissions. The motivation behind RBAC is to simplify administration. An appealing possibility is to use RBAC itself to manage RBAC, to further provide administrative convenience, especially in decentralizing administrative authority, responsibility and chores. This paper describes the motivation, intuition and outline of a new model for RBAC administration called ARBAC97 (administrative RBAC ‘97). ARBAC97 has three components: URA97 (user-role assignment ‘97), PRA97 (permission-role assignment ‘97) and RRA97 (role-role assignment ‘97). URA97 was recently defined by Sandhu and Bhamidipati [SB97]. ARBAC97 incorporates URA97, builds upon it to define PRA97 and some components of RRA97, and introduces additional concepts in developing RRA97.

*This work is partially supported by the National Science Foundation at the Laboratory for Information Security Technology at George Mason University and the National Institute of Standards and Technology at SETA Corporation. All correspondence should be addressed to Ravi Sandhu, ISSE Department, Mail Stop 4A4, George Mason University, Fairfax, VA 22030, sandhu@isse.gmu.edu, www.list.gmu.edu.

95 citations

Proceedings Article
23 Mar 2011
TL;DR: This paper proposes a RBAC model using a role ontology for Multi-Tenancy Architecture (MTA) in clouds, and Ontology transformation operations algorithms are provided to compare the similarity of different ontology.
Abstract: In cloud computing, security is an important issue due to the increasing scale of users. Current approaches to access control on clouds do not scale well to multi-tenancy requirements because they are mostly based on individual user IDs at different granularity levels. However, the number of users can be enormous and causes significant overhead in managing security. RBAC (Role-Based Access Control) is attractive because the number of roles is significantly less, and users can be classified according to their roles. This paper proposes a RBAC model using a role ontology for Multi-Tenancy Architecture (MTA) in clouds. The ontology is used to build up the role hierarchy for a specific domain. Ontology transformation operations algorithms are provided to compare the similarity of different ontology. The proposed framework can ease the design of security system in cloud and reduce the complexity of system design and implementation.

65 citations

Book Chapter
08 Dec 2011
TL;DR: This paper presents a survey of access control mechanisms along with their deployment issues and solutions available today and aims to give a comprehensive big picture as well as pragmatic deployment details to guide in understanding, setting up and enforcing access control in its real world application.
Abstract: Access control is a security aspect whose requirements evolve with technology advances and, at the same time, contemporary social contexts. Multitudes of access control models grow out of their respective application domains such as healthcare and collaborative enterprises; and even then, further administering means, human factor considerations, and infringement management are required to effectively deploy the model in the particular usage environment. This paper presents a survey of access control mechanisms along with their deployment issues and solutions available today. We aim to give a comprehensive big picture as well as pragmatic deployment details to guide in understanding, setting up and enforcing access control in its real world application.

63 citations