An access control framework for multi-level security in cloud environments

Abstract

Due to the cloud system always consists of many domain, we design an access control framework which provides rigorous multilevel security in single domain and a multilevel mapping method between domains. In each domain, a policy processing method is designed to handle the multilevel policies and creates a DAG model which can be converted to a hierarchical access control structure that ensures rigorous multilevel security in intra domains. And between domains, the mapping method based on quantised subject attributes is proposed to determine the subject's security level in its target domain. Credibility is used to adjust the mapping value in the framework in order to achieve flexible multilevel inter-domain access control. Experimental results from simulations show that the designed model can realise accurate inter-domain mapping and achieve multilevel security access control in inter-domain.