Most corporations and organizations rely heavily on access control to protect data accessibility and enable resource sharing across networks and departments. However, with the development of cloud computing, traditional boundary protection struggles to mitigate the increasing number of attacks and threats. In addition, most existing dynamic access control methods match static rules against dynamic metrics, so their response to threats and attacks is delayed and the system can be damaged before the policy reacts. The zero-trust architecture (ZTA) provides continuous authentication and dynamic authorization for all users to accommodate the security demands of cloud computing. Drawing inspiration from the ZTA, we first present a TBAC (Trust-based Access Control) model and design a trust assessment methodology to update user trustworthiness. Then, we introduce dynamic rules into the TBAC model to implement a dynamic access control system, DR-TBAC (TBAC with Dynamic Rule). We apply the DQN (Deep Q-Network) algorithm to dynamically update the trust thresholds used by the static rules, which compare dynamic trust with predefined trust thresholds, and thereby achieve adaptive access control policies. In this paper, we rebuild the cloud security access environment from the perspective of dynamic trust and rule optimization and strengthen the constraints on user behaviors throughout the access control lifecycle of cloud computing. Finally, a thorough analysis and assessment of offline training of the models and online deployment of the DR-TBAC system on the cloud platform highlight its security and accuracy relative to baseline models.
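As an added illustration (not code from the paper), the following sketches the control loop the abstract describes: a trust score updated continuously from observed behaviour, a static rule that compares that trust with a per-resource threshold, and a threshold that adapts from feedback. The trust update (an exponential moving average), the event data and the threshold adjustment are assumed stand-ins; in particular a simple reward-driven step replaces the paper's DQN.

```python
from dataclasses import dataclass, field

# Assumed smoothing weight for the trust update; not a value from the paper.
TRUST_ALPHA = 0.3

@dataclass
class User:
    trust: float = 0.5                      # initial trust is an assumption
    history: list = field(default_factory=list)

def update_trust(user, behaviour_score):
    """Continuous assessment stand-in: blend the latest behaviour score
    (constructed, in [0, 1]) into the user's trust."""
    user.trust = (1 - TRUST_ALPHA) * user.trust + TRUST_ALPHA * behaviour_score
    user.history.append(user.trust)
    return user.trust

class DynamicRule:
    """Static comparison rule (trust >= threshold) whose threshold adapts."""
    def __init__(self, resource, threshold, step=0.05, lo=0.3, hi=0.95):
        self.resource, self.threshold = resource, threshold
        self.step, self.lo, self.hi = step, lo, hi

    def decide(self, user):
        return "allow" if user.trust >= self.threshold else "deny"

    def feedback(self, decision, was_malicious):
        # Stand-in for the DQN update: a granted access later judged malicious
        # raises the bar; a denied benign access lowers it. Clamped to [lo, hi].
        if decision == "allow" and was_malicious:
            self.threshold = min(self.hi, self.threshold + self.step)
        elif decision == "deny" and not was_malicious:
            self.threshold = max(self.lo, self.threshold - self.step)
        return self.threshold

# Constructed session: (behaviour_score, was_malicious) per request.
EVENTS = [(0.9, False), (0.9, False), (0.6, True), (0.1, True), (0.95, False)]

def run_session(events, rule, user=None):
    """Replay events; return (trust, decision, threshold) after each request."""
    user = user or User()
    out = []
    for score, malicious in events:
        update_trust(user, score)
        decision = rule.decide(user)
        rule.feedback(decision, malicious)
        out.append((round(user.trust, 3), decision, round(rule.threshold, 2)))
    return out

if __name__ == "__main__":
    for row in run_session(EVENTS, DynamicRule("payroll-db", 0.6)):
        print(row)
```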