Enhancing Access Control Trees for Cloud Computing
In their different facets and flavours, cloud services are known for their performance and their scalability in the number of users and resources. Cloud computing therefore needs security mechanisms with the same characteristics. The Access Control Tree (ACT) is an authorization mechanism proposed for cloud services because of its performance and its scalability in the number of resources and users. After an initial set-up phase, the ACT reduces the evaluation of an authorization request to a simple visit of the tree structure. Our contribution extends ACT towards instance-based access control models by allowing conditions to be expressed and evaluated in access control decisions. We evaluated our contribution against an open-source authorization mechanism to assess its performance and its suitability for production settings. Early results seem encouraging in this respect.
Keywords: Access control, Data structures, Cloud
This work was partly supported by EU-funded (FP7/2007–2013) project CoCo Cloud [grant no. 610853].