A novel predicate based access control scheme for cloud environment using open stack swift storage

Abstract

Storage in cloud computing is the fundamental service which is widely used by consumers of cloud. Cloud offer many advantages such as flexibility, elasticity, scalability and sharing of data among users. However, cloud storage throws many privacy and security challenges. Especially, the most significant problem is access control mechanism which ensures sharing of dataonly to authorized users. Most of the cloud service providers offer Role Based Access Control (RBAC) where users are grouped into roles and access is given to resources based on roles. The problem with this scheme is that once a role gets access to a resource, further restrictions are not possible, where there are security limitations for which data owner needs to restrict access to a part of an object but not entire object. This work proposes to useSwift, an object storage service in open source cloud named OpenStack. Swift restricts access to objects using Access Control Lists (ACLs). As per ACL, users can gain access to an object. However, once access is given, users can access the complete object without further restrictions. The proposed work is evaluated in real cloud environment Amazon cloud, Microsoft Azure, and Open stack cloud. A framework termed Predicate Based Access Control (PBAC) is proposed to render fine grained access control to Swift storage. Access is provided to predicates that are part of an object. Instead of following an “all or nothing” approach, an access control mechanism that makes the Swift storage and retrieval more secure is preferred.