Attribute Based Access Control In Infrastructure As A Service Case Study

Dilawar Singh, Vikas Thada, Jaswinder Singh


Perhaps the main difficulties that have undermined cloud computing and caused its lethargic reception is security. Since clouds have assorted gatherings of clients with various arrangements of safety prerequisites, confining the clients' accesses and shielding data from unapproved accesses have become the most troublesome errands. To address these basic difficulties, in this paper initially formalize Attribute Based Access Control (ABAC) and propose another access control model, called Attribute- Rule ABAC (AR-ABAC), for cloud computing to meet basic access control necessities in clouds. Our model backings the attribute decides that arrangement with the relationship among clients and items, just as the capacity for accessing objects based on their affectability levels. The attribute- decides to indicate an understanding that figures out what sort of attributes ought to be utilized and the quantity of attributes considered for settling on access choices. Likewise, our model guarantees secure asset dividing between potential untrusted inhabitants and supports distinctive access consents to a similar client at a similar meeting.

Full Text:



G.-J. Ahn. The Rcl 2000 Language for Specifying Role-based Authorization Constraints. PhD thesis, Fairfax, VA, USA, 2000.

G.-J. Ahn and R. S. Sandhu. Role-based authorization constraints specification. ACM Transactions on Information and System Security (TISSEC), 3(4):207–226, November 2000.

M. Al-Kahtani and R. Sandhu. A model for attribute-based user-role assignment. In 18th Annual Computer Security Applications Conference, 2002. Proceedings, pages 353–362, 2002.

R. Ausanka-Crues. Methods for access control: advances and limitations. Harvey Mudd College;

Retrieved December 07, 2012.

D. Bell and L. LaPadula. Secure computer systems: mathematical foundations. Bedford, MA. Retrieved February 04, 2013, from: Secure computer systems: mathematical foundations; 1973.

D. Brucker, L. Br ¨ugger, P. Kearney, and B. Wolffy. An approach to modular and testable security models of real-world health-care applications. In SACMAT’11. Proceedings of the 16th ACM symposium on Access Control Models and Technologies, pages 133–142. SACMAT, 2011.

F. Cruz, R. Gjomemo, B. Lin, and M. Orsini. Collaborative Computing Networking, Applications and Worksharing, volume 10 of Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, chapter A Constraint and Attribute Based Security Framework for Dynamic Role Assignment in Collaborative Environments, pages 322–339. Springer Berlin Heidelberg, 2009.

S. Harris. Mike meyers cissp(r) certification passport. first edition. United States: McGraw-Hill, page 422, 2002.

V. C. Hu, D. Ferraiolo, R. Kuhn, A. Schnitzer, K. Sandlin, R. Miller, and K. Scarfone. Guide to attribute-based access control (abac) definition and considerations. Special Publication 800-162, U.S. Department of Commerce, January 2014. National Institute of Standards and Technology.

L. Sun, H. Wang, J. Yong, and G. Wu. Semantic access control for cloud computing based on e- healthcare. In 16th International Conference on: Computer Supported Cooperative Work in Design (CSCWD), 2012 IEEE, pages 512–518, May 2012.

Z. Tianyi, L. Weidong, and S. Jiaxing. An efficient role-based access control system for cloud computing. In 11th International Conference on: Computer and Information Technology (CIT), 2011 IEEE, pages 97–102, Augest 2011.

Elisa Bertino, Barbara Catania, Elena Ferrari, and Paolo Perlasca. A logical framework for reasoning about access control models. ACM Trans. Inf. Syst. Secur., 2003.

Elisa Bertino, Elena Ferrari, and Vijay Atluri. The specification and enforcement of authorization constraints in workflow management systems. ACM TISSE, 1999.

John Bethencourt, Amit Sahai, and Brent Waters. Ciphertext-policy attribute-based encryption. In IEEE SP’07, pages 321–334, 2007.

Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos D Keromytis. The role of trust management in distributed systems security. In Secure Internet Programming, pages 185– 210. Springer, 1999.

Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized trust management. In 1996 IEEE Symposium on Security and Privacy, pages 164–173. IEEE, 1996.

Bonatti, Clemente Galdi, and Davide Torres. ERBAC: Event-driven RBAC. In ACM SACMAT, pages 125–136, 2013.

Piero A. Bonatti and P. Samarati. Regulating service access and information release on the web. In ACM CCS, 2000.

Piero A. Bonatti and P. Samarati. A uniform framework for regulating service access and information release on the web. J. Comp. Secur., 2002.

T. Bylander. The computational complexity of propositional STRIPS planning. Artificial Intelligence, pages 165–204, 1994.


  • There are currently no refbacks.
Powered by Puskom-UMJ