A Critical Comparative Study and Characterisation of Access Control Model

A Critical Comparative Study and Characterisation of Access Control Model

  IJCOT-book-cover
 		 International Journal of Computer & Organization Trends  (IJCOT)          
 
© 2017 by IJCOT Journal
Volume - 8 Issue - 2
Year of Publication : 2018
Authors :  Oyeyinka, F.J, Idowu, S.A, Kuyoro, A, Joshua, J.V, Akinsanya, A.O, Eze, M.O, Ebiesuwa Seun
DOI : 10.14445/22492593/IJCOT-V8I2P302

Citation

Oyeyinka, F.J, Idowu, S.A, Kuyoro, A, Joshua, J.V, Akinsanya, A.O, Eze, M.O, Ebiesuwa SeunA Critical Comparative Study and Characterisation of Access Control Model", International Journal of Computer & organization Trends (IJCOT), V8(2):7-17 March - April  2018, ISSN:2249-2593, www.ijcotjournal.org. Published by Seventh Sense Research Group.

Abstract

This paper reviews access control methods as they relate to cloud computing. Although advantages of cloud computing over traditional computing techniques cannot be overemphasised; cloud computing presents new security challenges which traditional access control method may not be able to handle, hence proposed access control methods for cloud computing were reviewed and the drawback of each method highlighted. A characterisation of the access control methods was attempted using the various features discussed in literature and comparison of the characteristics was done. From the analysis, features of RBAC and ABAC are the best among the Access Control methods but both has weaknesses in confidentiality and integrity. ABAC was also shown to be very complex. Hence it was suggested that research efforts should be concentrated in building ABAC model that is more secure and easy to implement.

References

[1]Zhenji Zhou1, Lifa Wu2 and Zheng Hong3 Institute of Command Information System, PLA University of science and technology Nanjing, Jiangsu, China This email address is being protected from spambots. You need JavaScript enabled to view it., This email address is being protected from spambots. You need JavaScript enabled to view it., This email address is being protected from spambots. You need JavaScript enabled to view it., International Journal of Grid and Distributed Computing, Vol.6, No.6 (2013).
[2]Habib, S.M. Ries and S. Muhlhauser,“Cloud Computing Landscape and Research Challenges Regarding Trust and Reputation” in Ubiquitous Intelligence & Computing and 7th International Conference on Autonomic & Trusted Computing (UIC/ATC), Oct. 2010, pp. 410-444.
[3]Halton G., Deepak S., (2009), “Cloud Computing Essay”, [Accessed 12-04-2010]: http://www.scribd.com/doc/23743963/Cloud-Computing-Essay
[4]Ali Asghary Karahroudy, Security Analysis and Framework of Cloud Computing with Parity-Based Partially Distributed File System, July 2011.
[5]Bokefode Jayant. D., Ubale Swapnaja A., Modani Dattatray G. and Lavel Chiplun Mumbai. Analysis of DAC MAC RBAC Access Control based Models for Security, Sinhgad College of Engineering, korti, Pandharpur, Solapur University,INDIA. International Journal of Computer Applications (0975 – 8887) Volume 104 – No.5, October 2014.
[6]Margaret Rouse, March 2013; http://searchsecurity.techtarget.com/definition/access-control Le Xuan Hung, (2005), Research Taxonomy, u-Security Research Group, This email address is being protected from spambots. You need JavaScript enabled to view it.
[7]Abhishek Majumder, Suyel Namasudra and Samir Nath, (2014), Taxonomy and Classification of Access Control Models for Cloud Environemnts, Depatrment of computer Science & Engineering , Tripura Univeristy, suryamaninagar, Tripura West, India.
[8]Majumder Abhishek, Suyel Namasudra and Samir Nathl, (2012), Taxonomy and Classification of Access Control Models for Cloud Environments. Department of Computer Science & Engineering, Tripura University, Suryamaninagar, TripuraWest, Tripura, India.
[9]Lampson, B.W., “Dynamic Protection Structures,” AFIPS Conference Proceedings, 35, 1969, pp.27-38
[10]Bell, D.E., and L.J.LaPadula, Secure Computer Systems: Mathematical Foundations and Models, Bedford, MA: The Mitre Corproration, 1973future Computer and communication , Wuhan, China.
[11]Punithasurya K., Jeba Priya S.;”Analysis of diffenrent Access Control Mechanism in cloud” International Journal of applied Information systems, Vol. 4, September 2012
[12]James B. D. Joshi, Walid G. Aref, and Eugene H. Spafford, Security Models Web-Based Application. Proceeding of Communication of ACN, February 2001/Vol. 44 no.2.
[13]Sandhu, R. Lattice-based Access Control models. IEEE Computer 26. 11 (1993).Proceeding of the Fifth ACM Workshop on Role-based Access Control, Berlin, Germany, July, 2000.
[14]Ferraiolo, D.F., Barkley, J.F., and Kuhn, D.R., A role-based Access Control model and reference implementation within a corporate intranet. ACM Trans. Info Syst. Security 2,1(Feb. 1999), 34-64Gil P., (2010), “What is Cloud Computing”, [Accessed 01-22-2011]: http://netforbeginners.about.com/od/c/f/cloudcomputing.htm
[15]Tari, Z., and Chan, S. A role-based access control for intranet security. IEEE Internet Computing (Sept-Oct. 1997)
[16]Parminder Singh1, Sarpreet Singh2, Cross Bread Role based Access Control for Extended Security At Azure in Cloud Computing, International Journal of Application or Innovation in Engineering & Management (IJAIEM) Volume 2, Issue 2, February 2013 ISSN 2319 - 4847 Volume 2, Issue 2, February 2013 Page 206. Web Site: www.ijaiem.org Email: This email address is being protected from spambots. You need JavaScript enabled to view it., This email address is being protected from spambots. You need JavaScript enabled to view it. OASIS, Extensible access control markup language (XACML), v2.0 (2005).
[17]Vincent C. Hu, David F. Ferraiolo, and et al. Guide to Attribute Based Access Control (ABAC) De?nitions and Considerations. NIST Special Publications 800-162, Jan. 2014.
[18]Xin Jin, Ram Krishnan, and Ravi Sandhu. A uni?ed attribute-based access control model covering dac, mac and rbac. In Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy, DBSec’12, pages 41–55, Berlin, Heidelberg, 2012. Springer-Verlag.
[19]Xin Jin, Ram Krishnan, and Ravi Sandhu. Reachability Analysis for Role-based Administration of Attributes. In Proceedings of the 2013 ACM Workshop on Digital dentity Management, DIM ’13, pages 73–84, New York, NY, USA, 2013. ACM. of Texas At San Antonio, College of Sciences, Department Computer Science.
[20]B. Malek and A. Miri, “Combining Attribute-Based and Access System”, Proceedings of the 12th IEEE International Conference on Computational Science and Engineering, (2009), pp. 305-312.
[21]D. R. Kuhn, E. J. Coyne and T. R. Weil, “Adding attributes to role-based access control”, Computer, vol. 6, (2010), pp. 79-81
[22]Ting Cai, Jian Zheng and Xing Du(2015) , A Hybrid Attribute based RBAC Model College of Mobile Telecommunications, Chongqing University of Posts and Telecommunications, Chongqing, China, International Journal of Security and Its Applications Vol.9, No.7, pp.317-328
[23]Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce. Safety analysis of usage control authorization models. In Proc. of the ASIACCS, 2006 [17] Martin Abadi and Cedric Fournet. Access control based on execution history. In Proceedings of the 10th Annual Network and Distributed System Security Symposium, pages 107–121,2003.
[24]Khalid Zaman Bijon(2015), Constraints For Attribute Based Access Control With Application Incloud Iaas, College of Sciences , Department of Computer Science, The University of Texas at San Antonio.
[25]Ravi S Sandhu and Pierangela Samarati. Access control: Principle and practice. Communications Magazine, IEEE, 32(9):40–48, 1994.
[26]Ravi S. Sandhu. Lattice-based access control models. IEEE Computer, 26(11), 1993.
[27]Xin Jin, Ram Krishnan, and Ravi Sandhu. A Unified Attribute-Based Access ControlModelCovering DAC, MAC and RBAC. In DBSec, 2012.
[28]Vincent C. Hu et al. Guide to attribute based access control (ABAC) definition and considerations(draft). NIST Special Publication, 2013.
[29]Anindya Banerjee and David A. Naumann. History-based access control and secure information ?ow. In Construction and Analysis of Safe, Secure, and Interoperable Smart Devices, 117 International Workshop (CASSIS 2004), Revised Selected Papers, volume 3362 of Lecture Notes in Computer Science, pages 27–48. ((Springer-Verlag, Anindya 2005
[30]Anindya. Access Control for Online Social Networks Using Relationship Type Patterns. PhD thesis, University of Texas at San Antonio, San Antonio, TX, USA, 2014.
[31]Chirag Langaliya and Rajanikanth Aluvalu,(2015), Enhancing Cloud Security through Access Control Models: A Survey, Department of C.E School of Engineering, R.K. University, Rajkot. International Journal of Computer Applications (0975 – 8887) Volume 112 – No. 7.
[32]Yuan Cheng, Jaehong Park, and Ravi Sandhu. Relationship-based access control for online social networks: Beyond user-to-user relationships. In PASSAT 2012, pages 646–655. IEEE, 2012. Amazon Web Services. http://aws.amazon.com
[33]Jaehong Park, Ravi Sandhu, and Yuan Cheng. ACON: Activity-centric access control for social computing. In 2011 Sixth International Conference on Availability, Reliability and Security (ARES), pages 242–247. IEEE, 2011.
[34]Jaehong Park and Ravi Sandhu. The UCONABC usage control model. ACM Trans. Inf. Syst. Secur., 7(1):128–174, Feb. 2004.
[35]Florian Kelbert and Alexander Pretschner. Towards a Policy Enforcement Infrastructure for Distributed Usage Control. In Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, SACMAT ’12, pages 119–122, New York, NY, USA, 2012. ACM.
[36]Martin Abadi and Cedric Fournet. Access control based on execution history. In Proceedings of the 10th Annual Network and Distributed System Security Symposium, pages 107–121,2003.
[37]Romuald Thion(2008), Access Control Models, University of Lyon, France.
[38]Ghani, N.A.; Selamat, H.; Sidek, Z.M. (2012, Analysis of Existing Privacy-Aware control Access for e-commerce application. Glob. J. Comput. Sci. Technology Vol 12, page 1-5.
[39]Mohammad, A.; Khdour, T.; Kanaan G.; Kanaan, R.; Ahmad, S.B.(2011), Analysis of existing Access Control Models from Web services Applications Perspective. J. Computing Vol 3 pg 10-16.
[40]Oyeyinka, F.I., Prof., Omotosho O.J., Dr.Oyeyinka I.K.(2015), A Modified Things Role Based Access Control Model for Securing Utilities in Cloud Computing, International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017, Issue 2, Volume 5 (May 2015).
[41]Sahafizadeh, E.; Parsa, S. (2010), Survey on Access Control Models. In Proceedings of 2nd International Conference
[42]Xin Jin, (2014), Attribute-Based Access Control Models and implementation in Cloud Infrastructure as a Service, The University.
[43]Vincent C. Hu , D. Richard Kuhn and David F. Ferraiolo(2015), Attribute-Based Access Control, National Institute of Standards and Technology, CSDL 2015 vol. 48 Issue No. 02 - Feb. ISSN: 0018-9162, pp: 85-88. http://doi.ieeecomputersociety.org/10.1109/MC.2015.33.

Keywords
Cloud computing, Access Control, Role Based, Rule Based, Attribute, policy.