
Abstract—This paper mainly investigates the IaaS security enhancement from an access control point of view. IaaS requires an access control model that can cope with its dynamic and scalable features. Attribute-based Access Control (ABAC) is identified as the most appropriate model that can support IaaS features. However, ABAC does encounter challenges regarding its conceptual characteristics and formal specifications. The paper presents an analytical study of an appropriate access control model for IaaS. Furthermore, it discusses the effectiveness of using formal logic in the access control model specification, verification and reasoning. This paper proposes a practical framework for the ABAC based on artificial intelligence architecture to satisfy the dynamic and scalable nature of IaaS cloud.

I. INTRODUCTION

The cloud computing paradigm is constructed based on several technologies such as virtualisation, Service-Oriented Architecture (SOA), autonomic computing, and grid computing [1]. Cloud computing involves three main services: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). The focus of this research is to enhance an access control model to cope with the IaaS environment without redesigning or modifying IaaS technology structures.

Virtualisation technology is one of the main building blocks in deploying IaaS. Hence, the hypervisor affects the efficiency of the access control system. The hypervisor introduces a security threat to the virtual machine (VM) access control because of the single point of access. A trusted VM within an untrusted hypervisor has a higher risk than an untrusted VM within a trusted hypervisor [2]. For example, based on empirical experiments on a live virtual machine migration process (LVMM) [3], it has been recommended to review the existing access control system to avoid unauthorised access during LVMM process.
The LVMM process is considered one of the critical processes in IaaS, beside the virtual machine provisioning process [1]. Moreover, access-control security tools in IaaS such as firewalls and security groups cannot support context-aware mechanisms or dynamic access control [4]. The optimisation between information flow security and IaaS flexibility is receiving considerable attention, as sensitive information may be leaked to unauthorized entities [5], [6]. Therefore, a well-designed access control system in IaaS is vital.

Security aspects are essential in motivating customers to adopt cloud computing services. For instance, an IDC survey illustrates that 87% of customers consider satisfaction with the degree of security and privacy as the main motivation to adopt cloud computing services [7]. In particular, the access control aspect is a critical security issue in the IaaS cloud [8], [9].

In contrast to the traditional computing environment, the IaaS cloud has specific characteristics of elasticity, multitenancy, configurability, and dynamicity. Thus, conventional access control models face flexibility challenges and fine-grained limitations when it comes to their implementation and deployment in IaaS [8]. Because IaaS is a multitenant environment, it must handle a variety of user access requirements; accordingly, the IaaS access-control system needs to be context-aware to support fine-grained policy [10]. The traditional access control models such as Discretionary Access Control (DAC) and Mandatory Access Control (MAC) lack scalability and adaptability to dynamic changes. Even though most cloud access control systems such as Amazon, Rackspace, Dimension Data and Verizon use Role-Based Access Control (RBAC) [11], RBAC cannot cope with a dynamic environment because it supports coarse-grained access, which creates a restricted access control policy. Also, RBAC access policy rules must be predefined before the access-control process begins.
There is a trend to move from RBAC to Attribute-Based Access Control (ABAC), as the latter is more flexible, supports context-awareness, supports fine-grained policies, and also supports a dynamic computing environment. It is predicted that by 2020, 70% of enterprises will deploy ABAC [12] since there is an interest among industries and governments to deploy access control based on ABAC [13]. Further, ABAC is dynamic and requires less human administration interaction than traditional access control models, because its authorisation process can be computed at the time of the request, where
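
The contrast drawn above between a predefined RBAC role check and an ABAC decision computed at request time can be sketched for a live VM migration request. This is an added example, not code from the paper; the role names, attribute names, rules and sample requests are all hypothetical and constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# RBAC: permissions are bound to roles before any request is made (hypothetical roles).
ROLE_PERMISSIONS = {"vm_operator": {"migrate_vm", "start_vm"}, "auditor": {"read_logs"}}

def rbac_allows(role: str, action: str) -> bool:
    """Coarse-grained check: only the role and the action are considered."""
    return action in ROLE_PERMISSIONS.get(role, set())

@dataclass(frozen=True)
class Request:
    subject: dict      # who is asking (role, tenant)
    resource: dict     # the VM (owning tenant, sensitivity)
    action: str
    environment: dict  # context at request time (destination hypervisor, window)

# ABAC: each rule is a predicate over attributes, evaluated when the request arrives.
# Missing attributes make a rule fail, so the decision is deny by default.
MIGRATION_RULES = [
    ("operator role", lambda r: r.subject.get("role") == "vm_operator"),
    ("same tenant", lambda r: r.subject.get("tenant") is not None
        and r.subject.get("tenant") == r.resource.get("tenant")),
    ("trusted destination hypervisor",
        lambda r: r.environment.get("dest_hypervisor_trusted") is True),
    ("sensitive VM only in maintenance window",
        lambda r: r.resource.get("sensitivity") == "low"
        or r.environment.get("maintenance_window") is True),
]

def abac_decide(req: Request) -> tuple[bool, list[str]]:
    """Return (permit, names of failed rules) for a migration request."""
    if req.action != "migrate_vm":
        return False, ["no policy for action"]
    failed = [name for name, rule in MIGRATION_RULES if not rule(req)]
    return (not failed), failed

# Constructed sample requests: same role in both, different attributes.
SAME_TENANT = Request({"role": "vm_operator", "tenant": "tenant-a"},
                      {"tenant": "tenant-a", "sensitivity": "low"},
                      "migrate_vm", {"dest_hypervisor_trusted": True})
CROSS_TENANT = Request({"role": "vm_operator", "tenant": "tenant-a"},
                       {"tenant": "tenant-b", "sensitivity": "high"},
                       "migrate_vm",
                       {"dest_hypervisor_trusted": False, "maintenance_window": True})

if __name__ == "__main__":
    for name, req in (("same tenant", SAME_TENANT), ("cross tenant", CROSS_TENANT)):
        print(name, "| RBAC:", rbac_allows(req.subject["role"], req.action),
              "| ABAC:", abac_decide(req))
```

The role check permits both requests because it sees only `vm_operator` and `migrate_vm`; the attribute rules deny the second one and name the rules that failed, which is also what an audit log would record.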

Post Author: admin
