Abstract
Access control systems are often seen as the most effective tool to address the security challenges faced by cloud computing. Most of the proposed approaches are designed for specific application domains or service models. The goal of this paper is to propose a generic access control system for the cloud that is applicable to the different cloud service models. We rely on Kerberos, together with access control lists and authorization tickets, to implement access control and replay protection. We use CloudSim to evaluate our proposal and show that it has an acceptable overhead. We also show that the architecture’s elasticity has no significant impact on the access time. To prove its feasibility, we implemented the proposed solution over an OpenStack cloud platform integrated with Kerberos.
Notes
docs.openstack.org/admin-guide-cloud/content/ch_getting-started-with-openstack.html
Cite this article
Kaffel-Ben Ayed, H., Zaghdoudi, B. A generic Kerberos-based access control system for the cloud. Ann. Telecommun. 71, 555–567 (2016). https://doi.org/10.1007/s12243-016-0534-7
DOI: https://doi.org/10.1007/s12243-016-0534-7