Dynamic Permission Access Control Model Based on Privacy Protection

Author(s):  
Qikun Zhang ◽  
Liang Zhu ◽  
Yimeng Wu ◽  
Jianyong Li ◽  
Yinghui Meng ◽  
...  

Abstract: Access control technology is one of the key technologies to ensure safe resource sharing. Identity authentication and authority distribution are two key technologies for access control technology to restrict unauthorized users from accessing resources, so that resources can only be accessed by authorized legal users. However, user privacy protection and frequent permission changes are two thorny issues that need to be solved urgently by access control technology. To deal with these problems, this paper proposes a dynamic access control technology based on privacy protection. Compared with existing access control technologies, the main advantages of this paper are as follows: 1) encrypt and hide the attributes of entities, and use attribute-based identity authentication technology for identity authentication, which not only achieves the purpose of traditional identity authentication, but also ensures the attributes and privacy of entities are not leaked; 2) binding resource access permissions with entity attributes, dynamically assigning and adjusting resource access control permissions through changes in entity attributes, making resource access control more fine-grained and more flexible. Security proof and performance analysis show that the proposed protocol is safe under the hardness assumption of the discrete logarithm problem (DLP) and the decision bilinear Diffie-Hellman (DBDH) problem. Compared with the cited references, it has the advantages of low computational complexity, short computational time, and low communication overhead.

2017 ◽  
Vol 26 (04) ◽  
pp. 1750003 ◽  
Author(s):  
Khaled Riad ◽  
Zhu Yan

Providing a creditable basis for access control decision-making is not an easy task for the resource pooling, dynamic, and multi-tenant cloud environment. The trust notation can provide this creditable basis, based on multiple factors that can accurately compute the user’s trust for the granting access entity. In this paper, the formal trust model has been introduced, which presents a novel method to provide the basis for granting access. It is based on three factors and their semantic relations, which investigate important measures for the cloud environment. Also, a new Trust-Based Access Control (TB-AC) model has been proposed. The proposed model supports dynamically changing the user’s assigned permissions based on its trust level. In addition, TB-AC ensures secure resource sharing among potential untrusted tenants. TB-AC has been deployed on a separated VM in our private cloud environment, which is built using OpenStack. The experimental results indicated that TB-AC can evaluate access requests within reasonable and acceptable processing times, which is based on the final trust level calculation and the communication between TB-AC and some of the intended OpenStack services. By considering very rough conditions and huge traffic overhead, the final trust level can be calculated in an average time of 200 ms. Furthermore, the communication overhead between TB-AC and each of Keystone, Nova, and Neutron is very light. Finally, TB-AC has been tested under different scenarios and is provable, usable and scalable.


2002 ◽  
Vol 173 (1) ◽  
pp. 82-120 ◽  
Author(s):  
Matthew Hennessy ◽  
James Riely

2005 ◽  
Vol 13 (6) ◽  
pp. 1247-1260 ◽  
Author(s):  
Haining Wang ◽  
A. Bose ◽  
M. El-Gendy ◽  
K.G. Shin

2010 ◽  
Vol 26 (1) ◽  
pp. 21-28 ◽  
Author(s):  
Joan Arnedo-Moreno ◽  
Jordi Herrera-Joancomartí

2010 ◽  
Vol 18 (6) ◽  
pp. 971-998
Author(s):  
Frédéric Besson ◽  
Guillaume Dufay ◽  
Thomas Jensen ◽  
David Pichardie
