
A novel predicate based access control scheme for cloud environment using open stack swift storage

Peer-to-Peer Networking and Applications

Abstract

Storage is a fundamental cloud computing service that is widely used by cloud consumers. The cloud offers many advantages such as flexibility, elasticity, scalability and sharing of data among users. However, cloud storage poses many privacy and security challenges. The most significant problem is the access control mechanism, which ensures that data is shared only with authorized users. Most cloud service providers offer Role Based Access Control (RBAC), where users are grouped into roles and access to resources is given based on roles. The problem with this scheme is that once a role gets access to a resource, further restrictions are not possible, even though there are cases where, for security reasons, the data owner needs to restrict access to a part of an object rather than the entire object. This work proposes to use Swift, the object storage service in the open source cloud OpenStack. Swift restricts access to objects using Access Control Lists (ACLs). Users gain access to an object according to the ACL. However, once access is given, users can access the complete object without further restrictions. The proposed work is evaluated in real cloud environments: Amazon cloud, Microsoft Azure, and OpenStack cloud. A framework termed Predicate Based Access Control (PBAC) is proposed to provide fine-grained access control for Swift storage. Access is provided to predicates that are part of an object. Instead of following an “all or nothing” approach, an access control mechanism that makes Swift storage and retrieval more secure is preferred.
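The contrast the abstract draws, as an added illustration that is not the paper's implementation: an object-level ACL check releases the whole object, while a predicate-level policy releases only named parts of it. The policy format, the treatment of a predicate as a top-level JSON field, the sample record and all function names are assumptions made for this example.

```python
import json

# Constructed sample object, as it might be stored in a Swift container.
RECORD = json.dumps({
    "patient_id": "P-1001",
    "name": "A. Example",
    "diagnosis": "constructed-value",
    "billing": {"amount": 120, "card_last4": "0000"},
})

# Swift-style container read ACL, Keystone form "<project>:<user>".
READ_ACL = "proj1:alice,proj1:bob"

# Hypothetical predicate policy: the parts of the object each user may read.
PREDICATE_POLICY = {
    "proj1:alice": {"patient_id", "name", "diagnosis"},
    "proj1:bob": {"patient_id", "billing"},
}

def acl_allows(acl, project, user):
    """Object-level check: one matching ACL element grants the request."""
    for element in (e.strip() for e in acl.split(",")):
        if element.startswith(".") or ":" not in element:
            continue  # referrer and role elements are out of scope here
        p, u = element.split(":", 1)
        if p in ("*", project) and u in ("*", user):
            return True
    return False

def read_with_acl(acl, project, user, body):
    """All or nothing: the ACL decision is the only gate on the object."""
    if not acl_allows(acl, project, user):
        raise PermissionError("403 Forbidden")
    return json.loads(body)

def read_with_predicates(acl, policy, project, user, body):
    """ACL gate first, then release only the parts the policy names."""
    full = read_with_acl(acl, project, user, body)
    allowed = policy.get(f"{project}:{user}", set())  # default deny
    return {k: v for k, v in full.items() if k in allowed}

if __name__ == "__main__":
    print(read_with_acl(READ_ACL, "proj1", "bob", RECORD))
    print(read_with_predicates(READ_ACL, PREDICATE_POLICY, "proj1", "bob", RECORD))
```

A user who passes the ACL but has no entry in the predicate policy receives an empty object, so the finer-grained layer fails closed.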



Author information

Corresponding author

Correspondence to Sumathy Subramanian.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the Topical Collection: Special Issue on Network In Box, Architecture, Networking and Applications

Guest Editor: Ching-Hsien Hsu

About this article

Cite this article

Anilkumar, C., Subramanian, S. A novel predicate based access control scheme for cloud environment using open stack swift storage. Peer-to-Peer Netw. Appl. 14, 2372–2384 (2021). https://doi.org/10.1007/s12083-020-00961-y

  • DOI: https://doi.org/10.1007/s12083-020-00961-y