
A RBACc-Based Access Control Administrative Model For Cloud Computing

Posted on: 2013-06-05 | Degree: Master | Type: Thesis
Country: China | Candidate: J Wei | Full Text: PDF
GTID: 2248330395985231 | Subject: Information and Communication Engineering
Abstract/Summary:
Access control research in cloud computing provides effective solutions for user access security, which is an important aspect. On the basis of an analysis of cloud computing security, we develop a model for access control in clouds.

The management and ownership of resources stored in cloud computing are separated. There are three entities in cloud computing: end user, data owner and service provider. Access control should include two processes. One is access control between the end user and the data owner. The other is access control between the end user and the service provider. According to these access control requirements, we propose a management model for role-based access control and build a security analysis model using the RT language. The main work of the paper is as follows:

First, based on the role-based access control (RBAC) model, we propose an administrative model for role-based access control, CARBAC, in which end users and data owners have their own role hierarchies and the role hierarchy relationship is represented by a partial order relation. User authorization has two processes. In the first, legitimate users send an access request to the data owner. If the user is legitimate, the data owner replies with a message that includes a credential for the user. In the second, the user role sends a message to the service provider that includes the user credential received from the data owner. When the service provider has ensured that the message is legal and the credential is correct, the user is allowed to obtain the requested access permission. The user's credential is a certificate received from the service provider that includes the serial number, user ID, user-role information, validity and time stamp. The CARBAC model uses the administrative role to adapt to dynamic changes in the role hierarchy. Each role hierarchy has its own administrator. When a role is added to or deleted from the role hierarchy, the management scope of the corresponding administrator role changes, and we explain in detail the method used to calculate the role administrative scope.

Second, we study the security analysis of the CARBAC model. We give definitions for the two security analysis problems. In this paper the security analysis is divided into two issues: the first includes the user role assignments and trusted user roles, while the second covers the possibility of users dynamically adjusting the statute. We use a state transition system to represent the CARBAC model, and a relationship between the CARBAC model's access process and the RT language is set up. For the two basic problems, we introduce two algorithms, the CATU algorithm and the CAR algorithm, and we use the RT language to formally verify both algorithms. The theoretical analyses show that the majority of the security analysis problems can be solved in polynomial time.
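
The two-step authorization flow described in the abstract, as an added example that is not code from the thesis: the data owner issues the credential, and the service provider verifies it and then checks the role against the partial order. The HMAC with a key shared by data owner and service provider, the role names and the permission table are assumptions made for illustration; the abstract does not state how the credential is protected.

```python
import hashlib
import hmac
import json

# Constructed sample data: role -> directly junior roles, and the role each permission needs.
JUNIORS = {"manager": {"engineer"}, "engineer": {"intern"}, "intern": set()}
REQUIRED_ROLE = {"read_report": "intern", "deploy": "engineer", "approve_budget": "manager"}
OWNER_KEY = b"constructed-demo-key"  # assumption: key shared by data owner and service provider


def dominates(senior, junior):
    """Partial order on roles: reflexive, transitive closure of JUNIORS."""
    stack, seen = [senior], set()
    while stack:
        role = stack.pop()
        if role == junior:
            return True
        if role not in seen:
            seen.add(role)
            stack.extend(JUNIORS.get(role, ()))
    return False


def _mac(body):
    # Canonical JSON so issuer and verifier authenticate identical bytes.
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(OWNER_KEY, msg, hashlib.sha256).hexdigest()


def issue_credential(serial, user_id, role, issued_at, validity):
    """Process 1 (data owner): bind the five credential fields under a MAC."""
    body = {"serial": serial, "user_id": user_id, "role": role,
            "timestamp": issued_at, "validity": validity}
    return {"body": body, "mac": _mac(body)}


def authorize(credential, user_id, permission, now):
    """Process 2 (service provider): verify the credential, then the role."""
    body = credential.get("body", {})
    presented = str(credential.get("mac", "")).encode()
    if not hmac.compare_digest(_mac(body).encode(), presented):
        return False, "bad credential"
    if body["user_id"] != user_id:
        return False, "credential not issued to this user"
    if not body["timestamp"] <= now < body["timestamp"] + body["validity"]:
        return False, "expired or not yet valid"
    needed = REQUIRED_ROLE.get(permission)
    if needed is None or not dominates(body["role"], needed):
        return False, "role lacks permission"
    return True, "granted"
```

With a shared key the service provider could also mint credentials; where that is not acceptable, the data owner would sign with a private key and the provider would verify with the public key.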
Keywords/Search Tags: cloud computing, access control, user authorization, security analysis, RT language