Access Control Framework for Cloud Computing

Abstract

Access control is generally a rule or procedure that allows, denies, restricts or limit access to system's resources. It may, as well, monitor and record all attempts made to access a system. Access Control may also identify users attempting to access unauthorized resources. It is a mechanism which is very much important for protection in computer security. Various access control models are in use, including the most common Mandatory Access Control (MAC), Discretionary Access Control (DAC) and Role Based Access Control (RBAC). All these models are known as identity based access control models. In all these access control models, user (subjects) and resources (objects) are identified by unique names. Identification may be done directly or through roles assigned to the subjects. These access control methods are effective in unchangeable distributed system, where there are only a set of Users with a known set of services. For this reason, we propose a framework which is well suited to many situations in cloud computing where users or applications can be clearly separated according to their job functions. In this chapter, we proposes a role based access control framework with various features including security of sensitive data, authorization policy and secure data from hackers. Our proposed role based access control algorithm provides tailored and fine level of user access control services without adding complexity, and supports access privileges updates dynamically when a user's role is added or updated.