SSRG International Journal of Computer Science and Engineering - (ICRTESTM) - Special Issue – April 2017
ISSN: 2348 – 8387 www.internationaljournalssrg.org Page 122

A Review On Different Access Control Mechanism In Cloud Environment

B Sankaraiah, Asst. Professor, SVIT
D. Bhadru, Ph.D Scholar, JJTU
G Shravan Kumar, Asst. Professor, SVIT

ABSTRACT:

Cloud computing is currently one of the most popular paradigms in the IT industry. It provides customers with a range of services on a pay-per-use basis, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) and Database as a Service (DaaS). These services offer useful facilities and various benefits to customers, but many challenges remain, such as data confidentiality, malicious inside and outside attacks, and a lack of access control policies. Among these challenges, access control is one of the major ones, because it is what prevents unauthorized access to data and protects the owner's sensitive data. Access control grants users permissions that give them rights to use data and other resources. Access control can be applied in most computing settings. In this paper we present the various types of access control mechanisms used in cloud computing environments. Some of the access control models are Mandatory Access Control (MAC), Role Based Access Control (RBAC), Attribute Based Encryption (ABE) and Identity Based Encryption (IBE).

Keywords: Control Policy, Encryption, data confidentiality, access control.

INTRODUCTION:

In cloud computing, access control is an essential feature of data security that applies directly to the outsourced data and to properties such as confidentiality, integrity and availability. Cloud computing service providers must offer the following basic functionalities from the perspective of access control:
(i) Control access to the service features of the cloud based on the specified policies and the level of service purchased by the customer.
(ii) Control access to a consumer's data from other consumers in multi-tenant environments.
(iii) Control access to both regular user functions and privileged administrative functions.
(iv) Maintain accurate access control policy and up-to-date user profile information.

Access control models are traditionally categorized into three types: (1) Discretionary, (2) Mandatory and (3) Role-based. In the discretionary access control (DAC) model, the owner of the data decides its access permissions for other users and sets them accordingly. The UNIX operating system is a classical example of the discretionary access control model. For example, the subject (i.e., the owner of an object) can specify what permissions (read/write/execute) members of the same group may have and also what permissions all others may have. DAC models are usually used only with legacy applications and incur considerable management overhead in the modern multi-user and multi-application environment characteristic of distributed systems such as the cloud.

Mandatory access control (MAC) models abstract away the need for resource-user mapping and hence are more adaptable to distributed systems than DAC models. The MAC model is normally used in multi-level security systems. Here, the access permissions are determined by the administrator of the system, and not by the subject. In a multi-level MAC model, each subject as well as each object is identified with a security classification level (e.g., Unclassified, Classified, Secret and Top Secret).

In a role-based access control (RBAC) model, a user has access to an object based on his/her assigned role in the system. Roles are defined based on job functions. Permissions are defined based on the authority and responsibilities of the job. Operations on the object are invoked based on the permissions. RBAC models are more scalable than the discretionary and mandatory access control models, and more suitable for use in cloud computing
environments, especially when the users of the services cannot be tracked with a fixed identity.

Access control Methods:

(1) Discretionary Access Control:

Discretionary access control (DAC) is an access control method in which the owner has complete control over his data outsourced to cloud storage. DAC grants access to a user on the basis of the user's identity and authorization, which are defined for open policies. Under DAC, the owner owns and executes the object and decides which set of permissions a particular user has on it. DAC policies consider the access of users to an object based on the user's identity and on authorizations that specify, for each user, the access method and the object the user requests. Each request by an entity to access an object is checked. DAC offers good flexibility. In this method most authorizations are specified explicitly, and the authorizations of an individual user are closed. When authorizations are open, they are said to be open policies. DAC is regarded as the method of “who can access what”. In DAC the owner of the data can choose to grant access permissions to other users.

(2) Mandatory Access Control

Mandatory access control (MAC) governs access to data by a number of users and is mostly based on the protection level. Under MAC an entity cannot change the access. The traditional MAC mechanism is closely coupled with security considerations and follows two principles: read down (the user's current security level must dominate the access level of the object being read) and write up (the user's current security level must dominate the access level of the object being written). Using MAC increases data integrity by giving priority from low objects to high objects. MAC is mostly applied in government and military applications.

(3) Role Based Access control:

Role based access control (RBAC) is defined in terms of individual users' roles and responsibilities within the cloud environment. RBAC maps the user's access to the system based on the activities that the user carries out in the cloud environment. It requires the identification of the roles of users on the system. A role can be a set of objects or actions associated with the subject. Roles may vary depending on the user's priority. RBAC provides security for web-based applications. Roles are assigned based on the particular cloud organizational structure and its security policies. Each role in the organization's profile includes all authorized users, commands, transactions and allowable information access. Roles can be assigned based on least privilege. The identified roles can be transferred and used according to the appropriate procedures and security policies. Roles can be managed centrally. RBAC allows users to execute multiple roles at the same time, and roles are a useful approach for organizations such as cloud, grid and peer-to-peer environments. In some cases only one role can be assigned to one user, and the same role is recognized for other users jointly. After the DAC and MAC.

Fig: Role Based Access control

ATTRIBUTE-BASED ENCRYPTION (ABE) MODEL:

Attribute-based encryption (ABE) is well suited to protecting the privacy and secrecy of data in a cloud. ABE is helpful when the source of the data knows neither the identity of the recipient nor
their public key, but knows only certain attributes of the recipient. For example, imagine user Alice wishing to communicate with her former classmates, but she does not know their email addresses. ABE identifies a user with a set of attributes.

CONCLUSION:

Access control in the cloud is a major area of study that will strengthen the protection of user data stored in the cloud. Ensuring access control in the cloud enhances security. We have analyzed various access control mechanisms, both earlier and current. A comprehensive description and analysis of DAC, MAC and RBAC shows the importance of access control in the cloud for ensuring the security of users' information.
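
The UNIX owner/group/others check that the introduction cites as the classical DAC example, written out as an added illustration (it is not code from the paper). The FileObject and Subject types and all sample uids, gids and modes are constructed; superuser override and ACLs are left out.

```python
from dataclasses import dataclass

BITS = {"r": 4, "w": 2, "x": 1}
SHIFT = {"owner": 6, "group": 3, "others": 0}

@dataclass
class FileObject:            # hypothetical object record, not a real API
    owner_uid: int
    group_gid: int
    mode: int                # nine permission bits, e.g. 0o640

@dataclass(frozen=True)
class Subject:               # hypothetical subject record
    uid: int
    gids: frozenset

def selected_class(f, s):
    """Pick exactly one class, in the order owner, group, others."""
    if s.uid == f.owner_uid:
        return "owner"
    if f.group_gid in s.gids:
        return "group"
    return "others"

def dac_allows(f, s, want):
    """True if every right in `want` (e.g. "rw") is set for the subject's class."""
    granted = (f.mode >> SHIFT[selected_class(f, s)]) & 0o7
    needed = 0
    for right in want:
        needed |= BITS[right]
    return granted & needed == needed

def chmod(f, s, new_mode):
    """The discretionary step: only the owner may reset the permissions."""
    if s.uid != f.owner_uid:
        raise PermissionError("only the owner may change the mode")
    f.mode = new_mode & 0o777

# Constructed sample data.
alice = Subject(uid=1000, gids=frozenset({50}))   # owner
bob = Subject(uid=1001, gids=frozenset({50}))     # member of the file's group
carol = Subject(uid=1002, gids=frozenset({60}))   # everyone else
report = FileObject(owner_uid=1000, group_gid=50, mode=0o640)

if __name__ == "__main__":
    for name, who in (("alice", alice), ("bob", bob), ("carol", carol)):
        print(name, selected_class(report, who),
              {r: dac_allows(report, who, r) for r in "rwx"})
```

Because only one class is consulted, a mode such as 0o060 denies the owner rights that members of the group still have.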
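
A compact model of the RBAC properties listed in section (3): roles managed centrally, several roles active at the same time, and least privilege through activating only the roles a task needs. This is an added example, not the paper's; the class names, role names, users and permissions are constructed.

```python
class RBACPolicy:
    """Central store: role -> permissions and user -> assigned roles."""

    def __init__(self):
        self.role_perms = {}    # role -> set of (operation, object)
        self.user_roles = {}    # user -> set of role names

    def grant(self, role, operation, obj):
        self.role_perms.setdefault(role, set()).add((operation, obj))

    def revoke(self, role, operation, obj):
        self.role_perms.get(role, set()).discard((operation, obj))

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def open_session(self, user, roles):
        """Activate a subset of the user's roles; refuse unassigned ones."""
        wanted = frozenset(roles)
        extra = wanted - self.user_roles.get(user, set())
        if extra:
            raise PermissionError(f"{user} does not hold {sorted(extra)}")
        return Session(self, user, wanted)


class Session:
    def __init__(self, policy, user, active_roles):
        self.policy, self.user, self.active_roles = policy, user, active_roles

    def allowed(self, operation, obj):
        """Deny by default; permit if any active role has the permission."""
        perms = self.policy.role_perms
        return any((operation, obj) in perms.get(r, ()) for r in self.active_roles)


def demo_policy():
    """Constructed roles for a cloud tenant (names are illustrative)."""
    p = RBACPolicy()
    p.grant("developer", "deploy", "app")
    p.grant("developer", "read", "logs")
    p.grant("auditor", "read", "billing")
    p.grant("auditor", "read", "logs")
    p.assign("dana", "developer")
    p.assign("dana", "auditor")
    p.assign("omar", "auditor")
    return p
```

Sessions look permissions up in the central policy on every check, so a revoke on a role takes effect in sessions that are already open.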