A Comprehensive Survey and Analysis on Access Control Schemes in Cloud Environment

Shynu, P. G.; Singh, K. John

doi:10.1515/cait-2016-0002

Abstract

Cloud computing has emerged as the most dominant computational paradigm in recent times. There are tremendous benefits for enterprises adopting cloud technologies. It provides resources and services on demand, pay-as-you go basis. This includes infrastructure, platform and software services. But there are still a number of security threats and challenges associated with utilizing cloud computing. A proper access control is the fundamental security requirement in any cloud environment, to avoid unauthorized access to the cloud systems. As cloud computing supports multi-tenancy and has a various categories of users with different sets of security requirements, traditional access control models and policies cannot be used. This paper discusses on various access control models used for cloud environment and presents a detailed requirement analysis for developing an access control, specifically for the cloud. A comprehensive study on various security problems associated with outsourced data on the cloud and their existing solutions are also described, with the future research directions.

References

1. Mell, P., T. Grance. The NIST Definition of Cloud, National Institute of Standards and Technology, 2011.10.6028/NIST.SP.800-145
Search in Google Scholar
2. Wang, C., Q. Wang, K. Ren, W. Lou. Ensuring Data Storage inn Cloud Computing. – In: Proc. of 17th International Workshop on Quality of Service, 2009.
Search in Google Scholar
3. Wang, Z. Security and Privacy Issues within the Cloud Computing. – In: Proc. of 2011 International Conference on Computational and Information Sciences, IEEE, 2011.10.1109/ICCIS.2011.247
Search in Google Scholar
4. Hubbard, D. W., H. Z. Sutton. Top Threats to Cloud Computing. V1.0. 2010.
Search in Google Scholar
5. Subashini, S., V. Kavitha. A Survey on Security Issues in Service Delivery Models of Cloud Computing. – Journal of Network and Computer Applications, Vol. 34, January 2011, No 1, pp. 1-11.10.1016/j.jnca.2010.07.006
Search in Google Scholar
6. Robert, D., T. Stephen. A Survey on Securing the Virtual Cloud. – Journal of Cloud Computing: Advances, Systems and Applications, Vol. 2, 2013, No 1, pp. 2-17.10.1186/2192-113X-2-17
Search in Google Scholar
7. Clavister. Security in the Cloud. 2009. http://www.it-wire.nu/members/cla69/attachments/CLA_WP_SECURITY_IN_THE_CLOUD.pdf
Search in Google Scholar
8. Anderson, R. Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, 2010, p. 640.
Search in Google Scholar
9. Ausanka Crues, R. Methods for Access Control: Advances and Limitations. 2004.
Search in Google Scholar
10. Bell, D., L. La Padula. Secure Computer Systems: Mathematical Foundations. Bedford, MA, 1973.
Search in Google Scholar
11. Biba, K. Integrity Considerations for Secure Computer Systems. MA, Bedford, 1977.
Search in Google Scholar
12. Harris, S. Mike Meyers’ CISSP (R) Certification Passport. 1st Ed. McGraw-Hill, 2002, p. 422.
Search in Google Scholar
13. Lampson, B. Protection. – In: Proc. of 5th Princeton Symposium on Information Sciences and Systems, Princeton University, 1971.
Search in Google Scholar
14. Samarati, P., S. Vimercati. Access Control: Policies, Models, and Mechanisms. Foundations of Security Analysis and Design, 2001, pp. 137-196.10.1007/3-540-45608-2_3
Search in Google Scholar
15. Laurie, B. Access Control. V0.1. 2009.10.1007/978-0-387-73003-5_2007
Search in Google Scholar
16. Oh, S., S. Park. Task-Role-Based Access Control Model. – Information Systems, Vol. 28, September 2003, No 6, pp. 533-562.10.1016/S0306-4379(02)00029-7
Search in Google Scholar
17. Suhendra, V. A Survey on Access Control Deployment. – Communications in Computer and Information Science, Vol. 259, 2011, pp. 11-20.10.1007/978-3-642-27189-2_2
Search in Google Scholar
18. Hu, V. C., K. Scarfone. Guidelines for Access Control Ssystem Evaluation Metrics. 2012.10.6028/NIST.IR.7874
Search in Google Scholar
29. Al-Kahtani, R. Sandhu. A Model for Attribute-Based User-Role Assignment. – In: Proc. of 18th Annual Computer Security Applications Conference (ACSAC’02), IEEE Comput. Society, 2002.
Search in Google Scholar
20. Karp, A., H. Haury, M. Davis. From ABAC to ZBAC: The Evolution of Access Control Models. 2009.
Search in Google Scholar
21. Brucker, A., L. Brugger, P. Kearney, B. Wolff. An Approach to Modular and Testable Security Models of Real-World Health-Care Applications. – In: Proc. of 16th ACM Symposium on Access Control Models and Technologies (SACMAT’11), 2011.10.1145/1998441.1998461
Search in Google Scholar
22. Cheng, P., P. Rohatgi. Fuzzy Multi-Level Security. – In: Proc. of IEEE Symposium on Security and Privacy, 2007, SP’07, 2007.
Search in Google Scholar
23. Choudhury, A., P. Kumar, M. Sain, H. Lim, H. Jae-Lee. A Strong User Authentication Framework for Cloud Computing. – In: 2011 IEEE Asia-Pacific Services Computing Conference, 2011.10.1109/APSCC.2011.14
Search in Google Scholar
24. Crago, S., K. Dunn, P. Eads, L. Hochstein, M. Kang. Heterogeneous Cloud Computing. – In: Proc. of 2011 IEEE International Conference on Cluster Computing, IEEE, 2011.10.1109/CLUSTER.2011.49
Search in Google Scholar
25. Patil, V., A. Mei, L. Mancini. Addressing Interoperability Issues in Access Control Models. – In: Proc. of 2nd ACM Symposium on Information, Computer and Communications Security ASIACCS’07, 2007.10.1145/1229285.1229337
Search in Google Scholar
26. Hu, V., D. Kuhn, D. Ferraiolo. The Computational Complexity of Enforceability Validation for Generic Access Control Rule. – In: Proc. of IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC’06), IEEE, 2006.
Search in Google Scholar
27. Keromytis, A., J. Smith. Requirements for Scalable Access Control and Security Management Architectures. – ACM Transactions on Internet Technology, Vol. 7, 2007, No 2.10.1145/1239971.1239972
Search in Google Scholar
28. Jin, X., R. Krishnan, R. Sandhu. A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC. – In: Proc. of 26th Annual Conference on Data and Applications Security and Privacy IFIP WG 11.3, 2012.10.1007/978-3-642-31540-4_4
Search in Google Scholar
29. Almutairi, A., M. Sarfraz, S. Basalamah. A Distributed Access Control Architecture for Cloud Computing. – In: Proc. of Softw. IEEE 2012, 2012.10.1109/MS.2011.153
Search in Google Scholar
30. Ferraiolo, D., J. Barkley, D. Kuhn. A Role-Based Access Control Model and Reference Implementation within a Corporate Intranet. – ACM Transactions on Information and System Security (TISSEC), Vol. 2, 1999, No 1, pp. 34-64.10.1145/300830.300834
Search in Google Scholar
31. Hasebe, K., M. Mabuchi, A. Matsushita. Capability-Based Delegation Model in RBAC. – In: Proc. of 15th ACM Symposium on Access Control Models and Technologies e SACMAT’10, New York, USA, 2010.10.1145/1809842.1809861
Search in Google Scholar
32. Oh, S., S. Park. Task Role-Based Access Control Model. – Information Systems, Vol. 28, September 2003, No 6, pp. 533-562.10.1016/S0306-4379(02)00029-7
Search in Google Scholar
33. Zhang, R., L. Liu, J. Li, Z. Han. RBTBAC: Secure Access and Management of EHR Data. – In: Proc. of 3rd International Workshop on e-Healthcare Information Security (e-HISec’2011), 2011.
Search in Google Scholar
34. Tianyi, Z., L. Weidong, S. Jiaxing. An Efficient Role Based Access Control System for Cloud Computing. – In: Proc. of 11th International Conference on Computer and InformationTechnology, 2011 IEEE.10.1109/CIT.2011.36
Search in Google Scholar
35. Jayaprakash, H. A., M. H. Gunes. Ensuring Access Control in Cloud Provisioned Healthcare Systems. – In: Proc. of Consumer Communications and Networking Conference (CCNC’11), 2011.
Search in Google Scholar
36. Sun, L., H. Wang, J. Yong, G. Wu. Semantic Access Control for Cloud Computing Based on e-Healthcare. – In Proc. of 16th International Conference on Computer Supported Cooperative Work in Design (CSCWD’12), 2012 IEEE.10.1109/CSCWD.2012.6221866
Search in Google Scholar
37. Tsai, W., Q. Shao. Role-Based Access Control Using Reference Ontology in Clouds. – In: Proc. of 10th International Symposium on Autonomous Decentralized Systems, 2011.10.1109/ISADS.2011.21
Search in Google Scholar
38. Mon, E., T. Naing. The Privacy-Aware Access Control System Using Attribute-and Role-Based Access Control in Private Cloud. – In: Proc. of 4th IEEE International Conference on Broadband Network and Multimedia Technology, 2011.10.1109/ICBNMT.2011.6155974
Search in Google Scholar
39. Ra, C. W. K., W. L. S. Yu. Achieving Secure, Scalable, and Fine-Grained Data Access. – In: Proc. of 29th IEEE International Conference on Information, 2010.
Search in Google Scholar
40. Wan, Z., J. Liu, R. H. Deng. HASBE: A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control in Cloud Computing. – IEEE Transactions on Information Forensics and Security, Vol. 7, April 2012, No 2, pp. 743-754.10.1109/TIFS.2011.2172209
Search in Google Scholar
41. Jeremy, H., L. Ben. Toward Hierarchical Identity-Based Encryption. – Lecture Notes in Computer Science, Advances in Cryptology – EUROCRYPT 2002, Vol. 2332, Springer Berlin Heidelberg, 2002, pp. 466-481.
Search in Google Scholar
42. Xin, D., Y. Jiadi, L. Yuan, C. Yingying. Achieving an Effective, Scalable and Privacy-Preserving Data Sharing Service in Cloud Computing. – Computers & Security, Vol. 42, 2014, pp. 151-164.10.1016/j.cose.2013.12.002
Search in Google Scholar
43. Liu, Q., G. Wang, J. Wub. Time-Based Proxy Re-Encryption Scheme for Secure Data Sharing in a Cloud Environment. – Information Sciences, Vol. 258, February 2014, No 10, pp. 355-370.10.1016/j.ins.2012.09.034
Search in Google Scholar
44. Liu, H., Q. Xiong. Shared Authority Based Privacy-Preserving Authentication Protocol in Cloud Computing. – IEEE Transactions on Parallel and Distributed Systems, Vol. 26, January 2015, No 1, pp. 241-251.10.1109/TPDS.2014.2308218
Search in Google Scholar
45. Nabeel, M., E. Bertino, B. Thuraisingham, M. Kantarcioglu. Towards Privacy Preserving Access Control in the Cloud. – In: Proc. of International Conference on Collaborative Computing: Networking, Aplications and Worksharing (CollaborateCom), Orlando, USA, 2011.
Search in Google Scholar
46. Marian, H., F. Sascha, B. Michael, M. Thomas, S. Matthew. Towards Privacy-Preserving Access Control with Hidden Policies, Hidden Credentials and Hidden Decisions. – In: Proc. of 10th Annual International Conference on Privacy, Security and Trust, 2012.
Search in Google Scholar
47. Hassan, T. Privacy Aware Access Control for Data Sharing in Cloud Computing Environments. – In: Proc. of 2nd International Workshop on Security in Cloud Computing, 2014.
Search in Google Scholar
48. Huang, X., Q. Tao, B. Qin, Z. Liu. Multi-Authority Attribute Based Encryption Scheme with Revocation. – In: Proc. of 24th IEEE International Conference on Computer Communication and Networks (ICCCN’2015), 201510.1109/ICCCN.2015.7288431
Search in Google Scholar
49. Sahai, A., B. Waters. Fuzzy Identity-Based Encryption. – In: Advances in Cryptology – Lecture Notes in Computer Science, Springer, 2005, pp. 457-473.10.1007/11426639_27
Search in Google Scholar
50. Nali, D., C. Adams, A. Miri. Using Threshold Attribute Based Encryption for Practical Biometric-Based Access Control. – International Journal of Network Security, Vol. 1, 2005, No 3, pp. 173-182.
Search in Google Scholar
51. Goyal, V., O. Pandey, A. Sahai, B. Waters. Attribute Based Encryption for Fine-Grained Access Control of Encrypted Data. – In: Proc. of 13th ACM Conference on Computer and Communications Security (CCS’06), November 2006.10.1145/1180405.1180418
Search in Google Scholar
52. Bethencourt, J., A. Sahai, B. Waters. Ciphertext-Policy Attribute-Based Encryption. – In: Proc. of IEEE Symposium on Security and Privacy (SP’07), May 2007, pp. 321-334.10.1109/SP.2007.11
Search in Google Scholar
53. Chase, M. Multi-Authority Attribute Based Encryption. – In: Proc. of 4th Conference on Theory of Cryptography TCC’07, 2007.
Search in Google Scholar
54. Lin, H., Z. Cao, X. Liang, J. Shao. Secure Threshold Multi Authority Attribute Based Encryption Without a Central Authority. – Information Sciences, Vol. 180, 2010, No 13, pp. 2618-2632.10.1016/j.ins.2010.03.004
Search in Google Scholar
55. Gennaro, R., S. Jarecki, H. Krawczyk, T. Rabin. Secure Distributed Key Generation for Discrete-Log Based Cryptosystems. – In: Proc. of Advances in Cryptology – EUROCRYPT’99, 1999.10.1007/3-540-48910-X_21
Search in Google Scholar
56. Chase, M., S. S. M. Chow. Improving Privacy and Security in Multi-Authority Attribute-Based Encryption. – In: 16th ACM Conference on Computer and Communications, Chicago, Ill, USA, November 2009, pp. 121-130.10.1145/1653662.1653678
Search in Google Scholar
57. Han, J., W. Susilo, Y. Mu, J. Yan. Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption. – IEEE Transactions on Parallel and DistributedSystems, Vol. 23, 2012, No 2, pp. 2150-2162.10.1109/TPDS.2012.50
Search in Google Scholar
58. Lewko, A., B. Waters. Decentralizing Attribute-Based Encryption. – In: Advances in Cryptology, Lecture Notes in Computer Science, Heidelberg, Germany, Springer, 2011, pp. 568-588.10.1007/978-3-642-20465-4_31
Search in Google Scholar
59. Raykova, M., H. Zhao, S. M. Bellovin. Privacy Enhanced Access Control for Outsourced Data Sharing. – In: Proc. of Financial Cryptography and Data Security, 2012.10.1007/978-3-642-32946-3_17
Search in Google Scholar

A Comprehensive Survey and Analysis on Access Control Schemes in Cloud Environment

Abstract

Paradigm

My account