Survey on Access Control Mechanisms in Cloud Computing
DOI:
https://doi.org/10.13052/2245-1439.731
Keywords:
Cloud Computing, Information Policy Making, Access Control, Security, NIST Metrics
Abstract
Cloud computing technology has brought remarkable benefits to end users of Internet-based applications and services. The distributed services that cloud computing provides, scaled instantly over the Internet, rely on a number of mechanisms working in the background. Controlling access to resources is a critical task for end users, because lack of control often leads to security risks and may also cause systems to fail. This paper describes seven different access control mechanisms used in cloud computing platforms for different purposes. In addition, the advantages and disadvantages of various models developed from previous service-based architectures and used for cloud computing are detailed and classified. NIST’s metrics were taken as a reference during the assessments, and 109 articles from the past decade were examined in the study. We also compared our research with the existing survey papers.