Abstract
Storage is a fundamental cloud computing service that is widely used by cloud consumers. Cloud storage offers many advantages, such as flexibility, elasticity, scalability and sharing of data among users. However, it also raises many privacy and security challenges. The most significant problem is the access control mechanism, which must ensure that data is shared only with authorized users. Most cloud service providers offer Role Based Access Control (RBAC), where users are grouped into roles and access to resources is granted based on those roles. The problem with this scheme is that once a role gains access to a resource, further restrictions are not possible; this is a security limitation wherever the data owner needs to restrict access to a part of an object rather than the entire object. This work proposes to use Swift, the object storage service of the open source cloud OpenStack. Swift restricts access to objects using Access Control Lists (ACLs). As per the ACL, users can gain access to an object; however, once access is given, users can access the complete object without further restrictions. The proposed work is evaluated in real cloud environments: Amazon cloud, Microsoft Azure, and OpenStack cloud. A framework termed Predicate Based Access Control (PBAC) is proposed to render fine grained access control to Swift storage. Access is provided to predicates that are part of an object. Instead of following an “all or nothing” approach, an access control mechanism that makes Swift storage and retrieval more secure is preferred.
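The contrast the abstract draws, between a Swift container ACL that releases a whole object on a match and a predicate layer that releases only the parts of the object a user is entitled to, can be modelled in a few dozen lines. The following Python is an added example written for this page; it is not the paper's PBAC framework and not OpenStack code. It assumes a simplified subset of Swift's X-Container-Read ACL grammar (only `account:user` and `account:*` entries), treats one Swift object as a list of records so that predicates can be evaluated over its parts, and uses a hypothetical policy structure (`Predicate`, `Grant`, `POLICY`) with constructed sample data.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Record = Dict[str, object]

# Constructed sample: one Swift object ("patients.json" in container "clinic") that
# holds several records. Swift itself stores an opaque blob; this model parses the
# object into records so that predicates can be evaluated over its parts.
PATIENTS_OBJECT: List[Record] = [
    {"id": 1, "dept": "cardiology", "name": "A. Rivera", "diagnosis": "arrhythmia"},
    {"id": 2, "dept": "oncology", "name": "B. Chen", "diagnosis": "lymphoma"},
    {"id": 3, "dept": "cardiology", "name": "C. Okafor", "diagnosis": "hypertension"},
]

# Constructed container read ACL in the "account:user" form Swift accepts in
# X-Container-Read (assumption: only the account:user and account:* entry kinds are
# modelled; referrer and other entry kinds are left out).
READ_ACL = "clinic:alice,clinic:bob,clinic:dave"


def swift_acl_allows(read_acl: str, account: str, user: str) -> bool:
    """Return True when the ACL names this user (or every user of the account)."""
    wanted = {f"{account}:{user}", f"{account}:*"}
    return any(entry.strip() in wanted for entry in read_acl.split(","))


def read_with_acl_only(read_acl: str, account: str, user: str, obj: List[Record]) -> List[Record]:
    """Swift's behaviour as the abstract describes it: an ACL match releases the whole
    object, a miss releases nothing. There is no middle ground."""
    return list(obj) if swift_acl_allows(read_acl, account, user) else []


@dataclass
class Predicate:
    name: str                         # human-readable label, useful in audit logs
    holds: Callable[[Record], bool]   # evaluated per record of the object


@dataclass
class Grant:
    predicate: Predicate   # which records the grantee may see
    fields: List[str]      # which fields of a matching record are released


# Hypothetical PBAC policy (not the paper's): each user is granted predicates over
# the object's records plus the fields visible for records that satisfy them.
CARDIOLOGY = Predicate("dept == cardiology", lambda r: r.get("dept") == "cardiology")
ANY_RECORD = Predicate("true", lambda r: True)

POLICY: Dict[str, List[Grant]] = {
    "alice": [Grant(CARDIOLOGY, ["id", "name", "diagnosis"])],  # cardiology clinician
    "bob": [Grant(ANY_RECORD, ["id", "dept"])],                 # billing: no diagnoses
    # "dave" is in the container ACL but has no predicate grant: he receives nothing.
}


def pbac_read(policy: Dict[str, List[Grant]], read_acl: str, account: str,
              user: str, obj: List[Record]) -> List[Record]:
    """Two-stage, default-deny read. The container ACL still gates the object as a
    whole; then only records satisfying one of the user's granted predicates are
    released, projected to the union of the fields those grants allow."""
    if not swift_acl_allows(read_acl, account, user):
        return []
    released: List[Record] = []
    for rec in obj:
        visible = set()
        for grant in policy.get(user, []):
            if grant.predicate.holds(rec):
                visible.update(grant.fields)
        if visible:
            released.append({k: v for k, v in rec.items() if k in visible})
    return released


if __name__ == "__main__":
    for who in ("alice", "bob", "dave", "mallory"):
        print(who, "ACL only:", len(read_with_acl_only(READ_ACL, "clinic", who, PATIENTS_OBJECT)),
              "records; PBAC:", pbac_read(POLICY, READ_ACL, "clinic", who, PATIENTS_OBJECT))
```

Run as a script, the loop shows the point of the abstract: under the ACL alone, alice, bob and dave each receive all three records and mallory none, while under the predicate layer alice sees only cardiology records, bob sees every record but never a diagnosis, and dave, though listed in the ACL, sees nothing because no predicate was granted to him. Keeping the ACL check in front of the predicate check means the finer policy can only narrow what Swift would already release, never widen it.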
This article is part of the Topical Collection: Special Issue on Network In Box, Architecture, Networking and Applications
Guest Editor: Ching-Hsien Hsu
Cite this article
Anilkumar, C., Subramanian, S. A novel predicate based access control scheme for cloud environment using open stack swift storage. Peer-to-Peer Netw. Appl. 14, 2372–2384 (2021). https://doi.org/10.1007/s12083-020-00961-y