EACF: extensible access control framework for cloud environments

Abstract

The dynamic authorization and continuous monitoring of resource usage in cloud environments is a challenge. Moreover, the extant access control techniques are not well-suited for all types of the cloud-hosted applications predominantly for two reasons. Firstly, these techniques lack in providing features such as generality, extensibility, and flexibility. Secondly, they are static in nature, such that once the user is authorized, they do not evaluate the access request during and after the resource usage. Every application hosted in the cloud has its own requirement of evaluating access request; some applications require request evaluation before assigning resources, while some require continuous monitoring of resource usage along with a dynamic update of attribute values. To address these diverse requirements, we present an Extensible Access Control Framework (EACF) for cloud-based applications, which provides high-level extensibility by incorporating different access control models about the needs of the Cloud service consumers (organizations). A number of access control models are combined in the EACF, which provides reliable authorization service for managing and controlling access to the software as a service-hosted cloud applications.It also helps cloud consumers to provide authorized access to resources (data), as well as contributes to eliminate the need to write customized security code for individual applications. As a case study, three access control models are incorporated into the framework and tested on SaaS-hosted application DSpace to ascertain that the proposed features are functional and working fine.