Enhancing Access Control Trees for Cloud Computing

  • Neil Ayeb
  • Francesco Di CerboEmail author
  • Slim Trabelsi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9881)


In their different facets and flavours, cloud services are known for their performance and scalability in the number of users and resources. Cloud computing therefore needs security mechanisms that have the same characteristics. The Access Control Tree (ACT) is an authorization mechanism proposed for cloud services due to its performances and scalability in the number of resources and users. After an initial set-up phase, the ACT permits to simplify the evaluation of an authorization request to a simple visit to the tree structure. Our contribution extends ACT towards instance-based access control models by allowing the expression and evaluation of conditions in access control decisions. We evaluated our contribution against an Open Source authorization mechanism to evaluate its performance and suitability to production settings. Early results seem encouraging with this respect.


Access control Data structures Cloud 



This work was partly supported by EU-funded (FP7/2007–2013) project CoCo Cloud [grant no. 610853].


  1. 1.
    Gabillon, A., Munier, M., Bascou, J.-J., Gallon, L., Bruno, E.: An access control model for tree data structures. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol. 2433, p. 117. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Godik, S., Anderson, A., Parducci, B., Humenn, P., Vajjhala, S.: OASIS eXtensible access control 2 markup language (XACML) 3. Technical report, OASIS (2002)Google Scholar
  3. 3.
    Harnik, D., Kolodner, E.K., Ronen, S., Satran, J., Shulman-Peleg, A., Tal, S.: Secure access mechanism for cloud storage. Scalable Comput. Pract. Exp. 12(3), 317–336 (2011)Google Scholar
  4. 4.
    Mell. P.M., Grance. T.: SP 800-145. the NIST Definition of Cloud Computing. Technical Report. NIST, Gaithersburg, MD, United States (2011)Google Scholar
  5. 5.
    Popa, L., Yu, M., Ko, S.Y., Ratnasamy, S., Stoica, I.: Cloudpolice: taking access control out of the network. In: Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, p. 7. ACM (2010)Google Scholar
  6. 6.
    Reeja, S.: Role based access control mechanism in cloud computing using co-operative secondary authorization recycling method. Int. J. Emerg. Technol. Adv. Eng. 2(10), 25–34 (2012)Google Scholar
  7. 7.
    Shiftehfar, R., Mechitov, K., Agha, G.: Towards a flexible fine-grained access control system for modern cloud applications. In: IEEE CLOUD, pp. 966–967. IEEE (2014)Google Scholar
  8. 8.
    Tang, Z., Wei, J., Sallam, A., Li, K., Li, R.: A new RBAC based access control model for cloud computing. In: Li, R., Cao, J., Bourgeois, J. (eds.) GPC 2012. LNCS, vol. 7296, pp. 279–288. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Trabelsi, S., Ecuyer, A., Alvarez, P.C.Y., Di Cerbo, F.: Optimizing access control performance for the cloud. In: Proceedings of CLOSER 2014, pp. 551–558 (2014)Google Scholar
  10. 10.
    Younis, Y.A., Kifayat, K., Merabti, M.: An access control model for cloud computing. J. Inf. Secur. Appl. 19(1), 45–60 (2014)Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.Security Research, SAP Labs FranceMouginsFrance

Personalised recommendations