Taxonomy and Classification of Access Control Models for Cloud Environments

Continued Rise of the Cloud

Part of the book series: Computer Communications and Networks (CCN)

Abstract

Cloud computing is an emerging and highly attractive technology due to its inherent efficiency, cost-effectiveness, flexibility, scalability and pay-per-use characteristics. Alongside these advantages, however, many new problems have surfaced, and some of them have become a cause of grave concern. One existing problem that has become critical in the cloud environment is access control and security. Access control refers to a policy that authenticates a user and permits the authorized user to access data and other resources of cloud-based systems. Under access control, users must follow several restrictions and rules before they can access any kind of data or resource from the cloud-based servers. In this context, researchers have suggested many access control models. This chapter presents a brief discussion of the various access control models and introduces a taxonomy of access control schemes. Finally, based on an analysis of the mechanisms adapted therein, the access control models are classified into the different classes of the proposed taxonomy.

Corresponding author

Correspondence to Abhishek Majumder.

Copyright information

© 2014 Springer-Verlag London

About this chapter

Cite this chapter

Majumder, A., Namasudra, S., Nath, S. (2014). Taxonomy and Classification of Access Control Models for Cloud Environments. In: Mahmood, Z. (eds) Continued Rise of the Cloud. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-4471-6452-4_2

  • DOI: https://doi.org/10.1007/978-1-4471-6452-4_2

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-6451-7

  • Online ISBN: 978-1-4471-6452-4

  • eBook Packages: Computer Science (R0)
