Abstract
While the flexibility of Cloud Computing offers organizations a number of usage possibilities, security threats stop them from fully relying on it. Among all security threats, the ‘Unauthorized Access Threat’ is one of the most important and most difficult to manage. In SaaS, access control issues are of foremost concern. The aim of this paper is to explore the current trends that cloud providers are following in implementing access control measures in SaaS. In this article, these measures are critically reviewed and their advantages and drawbacks are discussed. On the basis of ongoing research, future research directions in the area of SaaS access control are also identified.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rehman, S., Gautam, R. (2014). Research on Access Control Techniques in SaaS of Cloud Computing. In: Mauri, J.L., Thampi, S.M., Rawat, D.B., Jin, D. (eds) Security in Computing and Communications. SSCC 2014. Communications in Computer and Information Science, vol 467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44966-0_9
DOI: https://doi.org/10.1007/978-3-662-44966-0_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44965-3
Online ISBN: 978-3-662-44966-0
eBook Packages: Computer Science (R0)