Cloud-based Access Control Research Articles

Cloud-Based Access Control Including Time and Location

Location-based services (LBS) offer various functionalities, but ensuring secure access to sensitive user data remains a challenge. Traditional access control methods often need more detail to enforce location-specific restrictions. This paper proposes a new approach that utilizes the Generalized Spatio-Temporal Role-Based Access Control Model (GSTRBAC) within the context of LBS. GSTRBAC grants access based on user credentials, authorized locations, and access times, providing a detailed approach to securing LBS data. We introduce an optimized cloud-based GSTRBAC implementation suitable for deployment in modern LBS architectures. The system uses two secure communication protocols tailored to different security requirements. This allows for efficient communication for less-sensitive data while offering robust protection for highly sensitive information. Additionally, a proof-of-concept mobile application demonstrates the system’s functionality and efficiency within an LBS environment. Our evaluation confirms the effectiveness of the cloud-based GSTRBAC implementation in enforcing location-specific access control while maintaining resource and time efficiency.

Adaptive context-aware access control for IoT environments leveraging fog computing

The increasing use of the Internet of Things (IoT) has driven the demand for enhanced and robust access control methods to protect resources from unauthorized access. A cloud-based access control approach brings significant challenges in terms of communication overhead, high latency, and complete reliance. In this paper, we propose a Fog-Based Adaptive Context-Aware Access Control (FB-ACAAC) framework for IoT devices, dynamically adjusting access policies based on contextual information to prevent unauthorised resource access. The main purpose of FB-ACAAC is to provide adaptability to changing access behaviors and context by bringing decision-making and information about policies closer to the end nodes of the network. FB-ACAAC improves the availability of resources and reduces the amount of time for information to be processed. FB-ACAAC extends the widely used eXtensible Access Control Markup Language (XACML) to manage access control decisions. Traditional XACML-based methods do not take into account changing environments, different contexts, and changing access behaviors and are vulnerable to certain types of attacks. To address these issues, FB-ACAAC proposes an adaptive context-aware XACML scheme for heterogeneous distributed IoT environments using fog computing and is designed to be context-aware, adaptable, and secure in the face of unauthorised access. The effectiveness of this new scheme is verified through experiments, and it has a low processing time overhead while providing extra features and improved security.

Outsourcing multiauthority access control revocation and computations over medical data to mobile cloud

With recent advances in cloud computing, mobile devices are increasingly being used to record patient physiological parameters, and transfer them to a cloud-based hospital information system, for access control mediation over a variety of stakeholders. In such a cloud-based architecture, the patient must specify an access policy for a group of authorized parties towards its outsourced data. Multiauthority ciphertext-policy attribute-based encryption (CP-ABE) was provided as an innovative cloud-based access control cryptographic primitive to tackle the key escrow issue in a centralized architecture, and boost flexibility through cross-domain attributes management. Existing works, however, still have glaring drawbacks. First, they still rely on a trusted authority to generate and distribute user secret keys. Second, they do not simultaneously provide encryption, decryption, or revocation outsourcing, resulting in high processing and communication cost for both the data sender and the data receiver. Third, they do not support both user and attribute revocation, and the integrity of ciphertext downloaded from the cloud is not always verified at the user end. As a result, this paper exploits the dummy attribute technique and introduces a novel, efficient, and secure multiauthority ciphertext-policy ABE method for mediating access control over medical data, in the mobile cloud. The ciphertext access policy enforcement, partial ciphertext decryption, and both the user and attribute indirect revocation updates are safely outsourced to the cloud server in this study. Theoretical analysis demonstrates that our scheme is efficient and verifiable, and we prove that our construction is secure under the decisional bilinear Diffie-Hellman assumption.

Secure Data Sharing with Efficient Key Update for Industrial Cloud-based Access Control

Sharing data in industrial cloud requires both secure and flexibility management of data shared among users in the industry. Users should have ability to access authorized portion of data from smart edge devices with integrated secure protocol for interacting with cloud storage. Among cryptographic-based access control solutions, ciphertext-policy attribute-based encryption (CP-ABE) is recognized as a suitable solution for supporting secure and fine-grained data access control for outsourced data. However, the attribute revocation is a major drawback of CP-ABE since it introduces subsequent costs such as ciphertext re-encryption, user key re-generation, and key re-distribution. Existing revocable CP-ABE based access control models have focused on minimizing the cost of communication and computation cost for ciphertext re-encryption. Unfortunately, the key update issue is subject to re-key generation as traditional CP-ABE does. In essence, key update becomes crucial when there are a high number of users accessing shared data in the cloud. In this paper, we propose a lightweight access control model featured with the efficient key updating scheme. Finally, the performance evaluation is conducted to demonstrate the efficiency of our proposed scheme.

Cloud-Based Access Control Framework for Effective Role Provisioning in Business Application

In the evolution of social networks and big data, secure information sharing is a crucial task. When information is shared between the user and the organization admin, security plays a key role in any business organization in terms of privacy. Though many fruitful solutions prevail to protect the data integrity and privacy, there is a huge space for novel data protection schemes where a large set of data are involved. In this article, the Cloud-Based Access Control (C-BAC) framework is proposed which can fit in any business organization application. In this C-BAC, Policy Enforcement Point (PEP) is used to avoid unwanted information sharing with the neighboring employee. C-BAC framework with RSA provides security, based on the number of employees with the data handled by the particular employee, better than the existing access control framework with asymmetric encryption standard (AES) and Rivest–Shamir–Adleman (RSA) in terms of individual information handling.

Cloud-Based Access Control to Preserve Privacy in Academic Web Application

Emerging cloud computing has introduced new platforms for developing enterprise academic web applications, where software, platforms and infrastructures are published to the globe as services. Software developers can build their systems by multiple invocations of these services. This research is devoted to investigating the management and data flow control over enterprise academic web applications where web services and developed academic web application are constructing infrastructure-networking scheme at the application level. Academic web services are invoked over http port and using REST based protocol; thus traditional access control method is not enough to control the follow of data using host and port information. The new cloud based access control rules proposed here are to be designed and implemented to work at this level. The new proposed access control architecture will be a web service gateway, and it published itself as a service (SaaS). We used three case studies to test our moodle and then we apply JSON parsers to perceive web service description file (WSDL file) and supply policies according to data are to be allowed or denied based on user roll through our parsing.

Secure Cloud-based Access Control Optimization (SCACO)

Objective: We propose a decentralized access controlled scheme for secure data storage in clouds that supports public key encryption. Our scheme also has the added feature of generating attribute key-value pairs with ciphers for easily granting permission to transfer data. The scheme prevents tampering by performing integrity checks and verifying the message digest. Methods/Statistical Analysis: In the proposed scheme, the data is transferred by public key encryption among users by the RSA algorithm. The attributes are sent via e-mail and can trigger an encrypted transfer of data stream, which can be decrypted only by the validated users. The cloud does not store the private keys of users and only stores public keys. Findings: The computation and transfer of cipher text, and storage overheads are the same as a centralized scheme. The decentralization of data makes it private and the encrypted copy on the cloud provides a redundant backup which cannot be read by the cloud. The performance of the scheme has been measured by time complexity of the operations using big-O notation. Applications/Improvement: The scheme can be improved with signatures. Signatures can be studied in detail and come in various types. Some signatures verify the authenticity of files while other complex ones work with multi-party authentication.

Fine-Grained Access Control via XACML Policy Optimization in Cloud Computing

One primary challenge of enforcing access control in cloud computing is how to ensure access with high efficiency while preserving data security. This paper proposes a fine-grained access control method for cloud resources. The basic idea is to use XACML as access control language and to optimize policies by data fragmentation and policy refinement algorithms. Through data fragmentation, the accessible resources are divided into disjoint data blocks, and each of them will be combined with a set of policy rules. This helps to refine the policy and to avoid data leakage caused by rule conflicting on the resource intersections. Finally, the disjoint data blocks and the optimized policy are distributed in the three-layered cloud, and the decision to a request is made by rule matching on a specific resource rather than traversing the whole policy rules. Experiments show that our proposal enjoys higher efficiency in cloud-based access control.

Cloud Based Access Control Model for Selective Encryption of Documents with Traitor Detection

Cloud computing refers to a type of networked computing whereby an application can be run on connected servers instead of local servers. Cloud can be used to store data, share resources and also to provide services. Technically, there is very little difference between public and private cloud architecture. However, the security and privacy of the data is a very big issue when sensitive data is being entrusted to third party cloud service providers. Thus encryption with a fine grained access control is inevitable to enforce security in clouds. Several techniques implementing attribute based encryption for fine grained access control have been proposed. Under such approaches, the key management overhead is a little bit high in terms of computational complexity. Also, secret sharing mechanisms have added complexity. Moreover, they lack mechanisms to handle existence of traitors. Our proposed approach addresses these requirements and reduces the overhead of the key management as well as secret sharing by using efficient algorithms and protocols. Also, a traitor tracing technique is introduced into the cloud computing two layer encryption environment.