Cai 2018

Uploaded by

Azhar Mughni
Cluster Computing

https://doi.org/10.1007/s10586-018-1850-7

Survey of access control models and technologies for cloud computing


Fangbo Cai¹ · Nafei Zhu¹ · Jingsha He¹ · Pengyu Mu¹ · Wenxin Li¹ · Yi Yu¹

Received: 10 November 2017 / Revised: 11 January 2018 / Accepted: 13 January 2018


© Springer Science+Business Media, LLC, part of Springer Nature 2018

Abstract
Access control is an important measure for the protection of information and system resources to prevent illegitimate users
from getting access to protected objects and legitimate users from attempting to access the objects in ways that exceed what
they are allowed. The restriction placed on access from a subject to an object is determined by the access policy. With the
rapid development of cloud computing, cloud security has increasingly become a common concern and should be dealt with
seriously. In this paper, we survey access control models and policies in different application scenarios, especially for cloud
computing, by following the development of the internet as the main line and by examining different network environments
and user requirements. Our focus in the survey is on the relationships among different models and technologies along with the
application scenarios as well as the pros and cons of each model. Special attention will be placed on access control for cloud
computing, which is reflected in the summaries of the access control models and methods. We also identify some emerging
issues of access control and point out some future research directions for cloud computing.

Keywords Access control · Cloud security · Access control strategy · Access control model

Fangbo Cai: caifangbo@emails.bjut.edu.cn
¹ Faculty of Information Technology, Beijing University of Technology, Beijing, China

1 Introduction

Access control is a core technology in information security. It allows legitimate users to gain access to information and system resources within legitimate time periods and prevents unauthorized users from accessing information and system resources by denying the access. Access control models and technologies have been in existence for about 50 years since the early 1970s, during which period they have experienced a tremendous change from scratch, from simple to complex and from theory to practice [1]. Access control was initially introduced to solve the problem of authorizing access to shared data on a mainframe. Discretionary access control (DAC) and mandatory access control (MAC) thus emerged [2]. DAC has the advantage of flexibility, but it is not well suited for large-scale networks with high security requirements due to its properties of decentralized resource management and complex authorization management. MAC can solve the problem caused by the decentralization of resource management, but it suffers from the problem of too strict authority management. For a system with a large number of users and many kinds of information and resources that are not clearly defined, MAC could incur excessive workload, low efficiency and lack of flexibility.

The development and popularization of computer and network technologies has made DAC and MAC access control models incapable of meeting the needs of practical applications. As a result, role based access control (RBAC) models emerged [3]. After the introduction of the initial model, a series of models, such as RBAC96 [3], ARBAC97 [4], ARBAC99 [5], ARBAC02 [6] and NIST RBAC [7], have been developed on the basis of the original RBAC model. RBAC can deal effectively with the problem of security caused by the flexibility of DAC and the limitation of MAC. In open network environments, information systems require a hierarchical structure in access control and in the management of users and information resources, which led to the development of the task based access control (TBAC) model, in which security models and mechanisms are constructed based on the notion of tasks. A dynamic and real-time security management scheme was proposed targeted for the time period of task processing [8]. Later, a combination of RBAC and TBAC was attempted, resulting in the development of a task role based access control model [9] and that of a task and role-based delegation model [10].

Since the 1990s, workflow technology has attracted the attention of researchers in the field of computer security. A workflow is a business process that is made up of multiple related tasks in order to accomplish a goal, during which data is transferred among different users according to a set of defined rules [11]. When data flows in the workflow, the user who performs the operation is constantly changing along with the change of permissions. Traditional access control technologies can hardly meet the security requirements of the dynamic authorization involved. Thus, methods for dynamically building the access control matrix with workflow [12] and typical user hierarchy [13] were developed.

Cloud computing, Internet of things (IoT) and other new computing models can provide more convenient data sharing and efficient computing services, greatly improving the efficiency of information sharing as well as the utilization of computing and storage resources. However, should these new computing models fail to provide adequate data protection, information leakage will bring tremendous loss to the user. As a result, secure access to the cloud has become an increasingly critical issue in a cloud computing environment. It is uncertain whether the data stored on the server is out of control or well protected or whether the computing task is properly executed. Therefore, it is necessary to design security mechanisms and architectures to protect the confidentiality, integrity and availability of cloud data [14,15].

This paper will first review the development of access control models and technologies. In Sect. 2, we describe the basic principle of access control. In Sect. 3, we introduce the distributed access control in cloud environment. In Sect. 4, we present access control based on security attributes in the cloud environment. In Sect. 5, we summarize the problems of cloud access control. Finally, in Sect. 6, we conclude this paper and also describe our future work.

2 General principle of access control

2.1 Basic elements of access control

The purpose of access control is to restrict access by an accessing subject to an accessed object and to make information resources accessible within the legal scope [16]. There are basically three components in the access control model: subject, object and access control policy. The subject is an active entity that makes the access request and, therefore, is the initiator of the access action. The object is a passive entity that is accessed by other entities and, therefore, is the recipient of the access action. Access control policy is the set of access rules of the subject to the object. Figure 1 shows the main elements and the process of making authorization decisions through access control.

Fig. 1 The process of access control [figure: Initiator, Access control enforcement function, Target, Access control decision function; flows: Submit Access Request, Present Access Request, Decision Request, Decision]

The access matrix model uses a matrix to describe the access control policy of a system [17]. Lampson first abstracted the problem of access control and proposed a formal representation that uses the subject, the object and an access control matrix [18]. In the model, the object is accessed by the subject and the system uses the notion of a reference monitor to control access based on the access matrix. An example is shown in Table 1.

Table 1 Access control matrix
            Object1            Object2   ...   Objectn
Subject1    Own, read, write   Write     ...   Own, read, write
Subject2    Read               Read,     ...   Write
...         ...                ...       ...   ...
Subjectn    Read, write        Read      ...   Own, read, write

2.2 Access control language

In the development and application of access control models and technologies, a variety of access control languages have been proposed to implement user access and permission management efficiently. Access control language is the bridge between the theory and the practice of access control [19]. Following are three common access control languages.

Security assertion markup language, called SAML [20], is developed based on the XML standard. It can be used to implement the exchange of authentication and authorization data between different security domains. The SAML standard can define the work of authentication declaration, attribute declaration, and authorization for identity providers and service providers.

Service delivery markup language, called SPML [21], is also developed based on the XML standard. It is mainly used to create service requests for user accounts and service management related requests. The language makes it easy to accurately configure the security and audit requirements of the system and to implement interoperation between different configuration systems.

Extensible access control markup language, called XACML [22], is a policy language based on XML that can provide effective access control for Web services. The protocol defines a standardized format for the representation of authorization rules and policies. It can also be used to define evaluation rules and strategies, which is the standard way of making authorization policies.

2.3 Access control strategy

Access control strategy is the main strategy of network security for the prevention and protection of objects, with the goal of ensuring that network resources are not illegally used or accessed. There may be multiple access control policies in an access control system. When the subject, the object, and the authority of access control are subject to different access control strategies, conflicts between access control policies may arise, which in turn lead to inconsistent system behavior and result in lower efficiency and accuracy of the access control. There are definitely more security issues, such as access control vulnerabilities.

2.4 Security analysis of access control strategy

Access control is an important part of the security analysis on cloud access control strategy. Security analysis of access control refers to verifying that an access strategy does not introduce risks or security threats during access authorization. The way of performing analysis on cloud access control is primarily logic analysis based on state space reasoning [23]. Logic based specific analysis methods include theorem reasoning, mathematical model reasoning and quantitative analysis. In theorem reasoning [24], the axioms of the representative access control model are proved to be correct. However, it is not easy to find security axioms that can fully represent the model in practical applications. Mathematical model reasoning [25] uses mathematical models instead of access control policies to prove the security of access control. The drawback of this method is that it can only prove part of the characteristics of the security model. Quantitative analysis [26] relies on determining the level of security of the model by using quantifiable criteria in information entropy. Although this method is flexible and operable, it can only evaluate a model from a certain aspect and can hardly be used to realize an overall comprehensive assessment of the security of a model. The state space reasoning method [27] refers to analyzing the security of the access control based on state space reasoning. At present, there is no unified strategy analysis method for security analysis of access control strategy. Rather, the analysis is usually performed based on different application scenarios for specific analysis. The common security strategy analysis methods introduced in this paper are also applied to specific strategies with little extensibility. The analysis method based on state space reasoning, which has advantages in terms of completeness and generality, is an important development direction of access control security analysis.

2.5 Consistency analysis of access control strategy

The research on policy conflict originates from the research on policy management frameworks. A policy conflict means that two or more access strategies are inconsistent in one access, resulting in conflicts in the execution of the access. Cross domain access behavior is very common in the cloud environment. Building new interoperability could lead to inconsistency between the global security policy and local security policies, which brings potential security risks. The detection of conflicts between access control strategies can be divided into static conflict detection and dynamic conflict detection. He et al. proposed a set of systematic conflict subdivision standards based on the analysis of the causes of strategic conflict [28]. Yao et al. proposed a conflict detection mechanism based on the directed graph model [29], which solved the problem that formalization of conflict detection may be too complicated. In addition, there are detection methods that are based on priorities [30] and on semantic conflict validation [31]. Such methods have some advantages in specific situations, but they suffer from the disadvantage of high computational overhead. Therefore, research on access control policy conflict detection needs to seek a balance between detection accuracy and computation efficiency according to different application scenarios.

2.6 Resolution of non-uniform access control strategy

In access control models, policy conflict resolution is often used in conjunction with conflict detection. According to the stage at which the resolution process takes place, policy conflict resolution can be performed before or during the execution of strategies. Li et al. proposed a method of setting priority for the policy inconsistency problem [32]. In this conflict resolution method, priorities are set for the execution of strategies. Li et al. proposed the minimum cost method and dictionary editing method based on priority levels according to different objectives of the strategies [33]. Lu et al. [34] proposed an algorithm based on the priority maximization consistency subbase. Using a single method of conflict resolution may result in different results, which eventually leads to inconsistency of the results. It is usually necessary to develop appropriate strategy conflict resolution methods based on the characteristics of the application scenarios. At present, the access control mechanisms adopted by major carriers differ. The research on conflict resolution of access control strategy is still in the stage of finding temporary remedies for problems. Therefore, further study is necessary on how to detect and resolve conflicts of control strategies in the cloud computing environment.

3 Cloud computing access control models

With the development of open network and cloud technologies, traditional access control models present different advantages and disadvantages. Researchers have proposed many extended models in recent years on access control [35]. As a cloud computing model is mostly based on resource sharing, there is the need for excessive use of resources to take strong defensive measures. However, because cloud computing has the characteristics of being a large-scale, distributed and virtual complex information system, traditional access control models and technologies face new challenges to support cloud applications [36].

3.1 Task based access control

In 1997, Thomas et al. adopted the notion of task and proposed a task-based access control model [37]. The model can implement different access control strategies for different workflows. It can also implement different access control strategies in real time for different tasks of the same job. Botha et al. applied the RBAC model to extend workflow systems to effectively enhance the security in granting the user access to workflow systems. However, the resulting model failed to solve such problems as separation of duties [38]. In view of this problem, the work in [39] proposed a T-RBAC model by combining task and RBAC [40,41]. The cloud server authorized by the owner of an object acts as a trusted intermediary to pass the access request during the authorization process. Introducing the concept of task into the RBAC architecture could refine the functions of the system into a single task as well as the role and the task. The authority and the task are linked to achieve dynamic management of access rights [42]. Then, the security of access control does not have to entirely depend on the credibility of the cloud server. At the same time, the cloud server would share part of the authorization work, lowering the burden on the user [43]. The T-RBAC model is shown in Fig. 2.

Fig. 2 T-RBAC model architecture [figure: User, Role, Task node, Operation, Data, Workflow, Task, Task instance, Session, Constraint set, Power, Task instantiation context; relations URA, TRA, PTA, IPA, S_RH; edge labels "decompose" and "rely on"]

3.2 Action based access control

With the popularity of mobile Internet and mobile computers, communication networks and systems have become more open and heterogeneous, supporting complex computing requirements, such as mobile computing and cloud computing [42]. In order to meet the growing demand for personalized services by the Internet, temporal and environmental information related to the concept of state is considered and introduced into access control models. Li et al. introduced the concept of action and proposed an action based access control model (AcBAC) [44], as shown in Fig. 3, further discussed the relationship between the roles, tenses and environment, and provided the formal description of the action state management function [45].

Fig. 3 Action based access control [figure: User, Role, Environment, Tense, Actions, Power, Session, Action level, Constraint condition; user action assignment, action power assignment; action internal one-to-many and one-to-one relationships]

Through the comprehensive consideration and analysis of the role, the tense and the environment, AcBAC can be applied flexibly to deal with access control problems in a variety of information systems. On this basis, in order to solve the decision-making problem of information system resource authorization, Li et al. proposed an information system access control mechanism based on the AcBAC model [46] and, at the same time, designed a security architecture for Web services based on AcBAC [47] that considers the location and temporal elements of user access to address confidentiality and integrity in the cloud computing environment. Lin et al. further extended the AcBAC model based on behavior characteristics of the cloud computing environment and the combination of the Bell-LaPadula and Biba models. A cloud computing access control security model (CCACSM) was proposed [48] and the execution flow of the model is shown in Fig. 4.

Fig. 4 Architecture of the CCACSM model [figure: role, environment, tense, object, constraint condition, behavioral level, authority level, distribution of permissions (senior, intermediate, lower), minimum permissions, read and write permissions]

3.3 Attribute based access control

The emergence of new computing models, such as mobile computing and cloud computing, has contributed to the progress of the Internet while bringing new challenges to access control models. Due to the network environment characteristics of heterogeneity and diversity, access control technology research began to develop in the direction of fine-grained, hierarchical authorization according to object oriented security related properties. Attribute based access control aims at addressing the problem of fine grained access control and large-scale user dynamic expansion in the current complex information systems.

The concept of entity attributes has been applied to access control strategies, models, and implementation mechanisms. By modeling subjects, objects, permissions and environment attributes in the same way, one can describe authorization and access control constraints in a flexible and extensible manner. Yuan et al. proposed an attribute based access control model [49] to manage access to objects through description and operation of the principal attribute expression. The execution process of the model is shown in Fig. 5. In the ABAC model, all the subjects, objects, resources and access policies are described through using attributes. Thus, when a user sends a request for access to an object resource, the attribute information about the user needs to be provided to the system. Since the attributes in ABAC access control may come from different organizational domains, semantic interoperation between different domains is another important issue to be dealt with. Combining ABAC with semantic Web technology, one can define more flexible access rules, realize semantic reasoning and effectively solve the problem of attribute semantic interoperability. The efficient access control decision of the ABAC model can be guaranteed by the concept of semantic ontology. Combining the semantic Web technology, the description logic (DL) reasoner can be used to classify the users and resources and to prove the consistency of the access control strategy [50]. Ei et al. summed up the cloud environment into three attributes [51] which include users of cloud resources, cloud resources and specific access environment.

Fig. 5 The ABAC model [figure: subject, policy execution point, object, policy decision point, policy administration point, attribute authority, environment; flows: access request, decision request, decision result, return policy, attribute access request, return property information, sending resource access, return information]

3.4 Usage based access control

Usage based access control (UCON) has attracted the attention of experts in the field of information security and is said to represent the next generation of access control models. The UCON model mainly deals with new requirements for access control brought by the distributed environment. Besides the basic elements of the authorization process, UCON includes two additional elements: obligation and condition. Park et al. first proposed the concept of the usage control model [52], which is shown in Fig. 6. Chu et al. proposed a control implementation scheme in a distributed computing environment [53]. Although UCON has obvious advantages in distributed and cross-domain access control, the model has complex authorization management. Tavizi et al. constructed a new UCON model to solve the problems of attribute variability and obligation in the cloud computing environment [54]. Park et al. proposed an extended model called UCON_ABC by integrating authentication, responsibility and conditions into the UCON model [55]. While the most important feature of this model is to provide support for transaction variability and decision sustainability and to meet the requirements of data usage control in the current complex network environment, the efficiency of the UCON_ABC model is low. Mashli et al. introduced a new entity, the evidence manager, in the cloud environment to manage evidence between data providers and users and used the UCON models to model access control management in cloud computing and to manage the exchange of evidence between them through the model in the protection of cloud platform security policy [56]. UCON functions cover the traditional closely controlled environment and the dynamic open and uncontrollable environment [57,58]. UCON can not only solve the problems of traditional access control technologies [59,60], but also meet the needs of security and privacy issues in modern information systems.

Fig. 6 The UCON model [figure: Subjects (S), Right (R), Objects (O), Subjects attribute, Objects attribute, Authorization (A), Obligations (B), Conditions (C), Usage decision]
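The usage control elements of Sect. 3.4 and Fig. 6 can be made concrete with a small monitor. The sketch below is an added example, not code from the paper or from any UCON implementation: it checks obligations (B), conditions (C) and authorization (A) before access, then re-evaluates them on every usage event after updating a mutable subject attribute, so an ongoing access can be revoked. The quota, clearance and working-hours policy and all names are constructed for illustration.

```python
"""Minimal usage control (UCON) monitor; all policy values are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

Attrs = Dict[str, int]


@dataclass
class UsagePolicy:
    pre_authz: Callable[[Attrs, Attrs], bool]   # A: checked before access starts
    on_authz: Callable[[Attrs, Attrs], bool]    # A: re-checked while access is ongoing
    pre_obligations: Set[str]                   # B: actions the subject must have done
    condition: Callable[[Attrs], bool]          # C: predicate on the environment only
    on_update: Callable[[Attrs, int], None]     # mutability: usage changes attributes


@dataclass
class UsageSession:
    subject: Attrs
    obj: Attrs
    state: str = "requested"   # requested -> accessing -> revoked | ended, or denied
    trace: List[str] = field(default_factory=list)


class UsageMonitor:
    def __init__(self, policy: UsagePolicy) -> None:
        self.policy = policy

    def _move(self, s: UsageSession, state: str, why: str) -> str:
        s.state = state
        s.trace.append(f"{state}: {why}")
        return state

    def request(self, s: UsageSession, env: Attrs, fulfilled: Set[str]) -> str:
        """Pre-decision: obligations, conditions and authorization must all hold."""
        p = self.policy
        missing = p.pre_obligations - fulfilled
        if missing:
            return self._move(s, "denied", f"obligations not fulfilled: {sorted(missing)}")
        if not p.condition(env):
            return self._move(s, "denied", "condition not satisfied")
        if not p.pre_authz(s.subject, s.obj):
            return self._move(s, "denied", "pre-authorization failed")
        return self._move(s, "accessing", "pre-decision passed")

    def usage_event(self, s: UsageSession, env: Attrs, amount: int) -> str:
        """Ongoing decision: update mutable attributes, then re-evaluate."""
        if s.state != "accessing":
            return s.state
        p = self.policy
        p.on_update(s.subject, amount)
        if not p.condition(env):
            return self._move(s, "revoked", "condition no longer satisfied")
        if not p.on_authz(s.subject, s.obj):
            return self._move(s, "revoked", "ongoing authorization failed")
        return s.state


def _add_usage(subject: Attrs, mb: int) -> None:
    subject["used_mb"] += mb


# Constructed policy: clearance dominates the object level, a per-subject
# transfer quota, accepted terms of use, and access only from 08:00 to 18:00.
QUOTA_POLICY = UsagePolicy(
    pre_authz=lambda s, o: s["clearance"] >= o["level"] and s["used_mb"] < s["quota_mb"],
    on_authz=lambda s, o: s["used_mb"] <= s["quota_mb"],
    pre_obligations={"accept_terms"},
    condition=lambda env: 8 <= env["hour"] < 18,
    on_update=_add_usage,
)


def demo() -> List[str]:
    monitor = UsageMonitor(QUOTA_POLICY)
    alice = {"clearance": 2, "quota_mb": 100, "used_mb": 90}
    bob = {"clearance": 3, "quota_mb": 100, "used_mb": 0}
    report = {"level": 2}
    day, night, done = {"hour": 10}, {"hour": 19}, {"accept_terms"}
    out = [monitor.request(UsageSession(alice, report), day, set())]  # obligation missing
    s = UsageSession(alice, report)
    out.append(monitor.request(s, day, done))       # all pre-decisions pass
    out.append(monitor.usage_event(s, day, 5))      # 95 MB used, still within quota
    out.append(monitor.usage_event(s, day, 10))     # 105 MB used, access revoked
    out.append(monitor.request(UsageSession(alice, report), day, done))  # quota spent
    b = UsageSession(bob, report)
    out.append(monitor.request(b, day, done))
    out.append(monitor.usage_event(b, night, 1))    # condition fails during usage
    return out


if __name__ == "__main__":
    print(demo())
```

The fifth decision is the one a traditional one-shot check would miss: the attribute update made during the revoked session persists, so the next request by the same subject is denied at pre-authorization.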
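Static conflict detection and priority-based resolution (Sects. 2.5 and 2.6) can be shown on attribute-based rules of the kind described in Sect. 3.3. The following is an added example, not the method of any cited work: two rules conflict statically when their effects differ and some request can match both, and a conflict is resolved when one rule has strictly higher priority. The rule set (one global rule G1 and three local rules), the attribute names and the deny-on-tie fallback are assumptions made for illustration.

```python
"""Static conflict detection and priority resolution over attribute rules."""
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, List, Optional, Set, Tuple

Request = Dict[str, str]


@dataclass
class Rule:
    name: str
    effect: str                 # "permit" or "deny"
    priority: int               # larger value wins
    match: Dict[str, Set[str]]  # attribute -> accepted values; absent = any value


def applies(rule: Rule, request: Request) -> bool:
    return all(request.get(attr) in allowed for attr, allowed in rule.match.items())


def overlap(a: Rule, b: Rule) -> Optional[Dict[str, Set[str]]]:
    """Return the attribute values matched by both rules, or None if disjoint."""
    witness: Dict[str, Set[str]] = {}
    for attr in sorted(set(a.match) | set(b.match)):
        if attr in a.match and attr in b.match:
            common = a.match[attr] & b.match[attr]
            if not common:
                return None          # no request can satisfy both rules
            witness[attr] = common
        else:
            witness[attr] = a.match[attr] if attr in a.match else b.match[attr]
    return witness


def static_conflicts(rules: List[Rule]) -> List[Tuple[str, str, Optional[str]]]:
    """List (rule, rule, winner) for each conflicting pair; winner None = unresolved."""
    found = []
    for a, b in combinations(rules, 2):
        if a.effect == b.effect or overlap(a, b) is None:
            continue
        if a.priority == b.priority:
            winner = None
        else:
            winner = a.name if a.priority > b.priority else b.name
        found.append((a.name, b.name, winner))
    return found


def decide(rules: List[Rule], request: Request) -> Tuple[str, Optional[str]]:
    """Highest priority applicable rule wins; ties and no match fall back to deny."""
    hits = [r for r in rules if applies(r, request)]
    if not hits:
        return ("deny", None)
    best = max(hits, key=lambda r: (r.priority, r.effect == "deny"))
    return (best.effect, best.name)


# Constructed policy set: G1 is a global (provider) rule, L1 to L3 are local.
RULES = [
    Rule("G1", "deny", 100, {"object.class": {"secret"}, "env.domain": {"external"}}),
    Rule("L1", "permit", 50, {"subject.role": {"auditor"}, "action": {"read"},
                              "object.class": {"secret", "internal"}}),
    Rule("L2", "permit", 50, {"subject.role": {"engineer"}, "action": {"read", "write"},
                              "object.class": {"internal"}}),
    Rule("L3", "deny", 50, {"subject.role": {"engineer"}, "action": {"write"},
                            "env.domain": {"external"}}),
]

if __name__ == "__main__":
    for pair in static_conflicts(RULES):
        print(pair)
```

The unresolved pair is the finding to act on before deployment: at run time it is only settled by the tie fallback, which is exactly the kind of implicit behavior the consistency analysis is meant to surface.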

4 Encryption based access control

Cryptography aims to protect data through encryption with a specified algorithm and key to protect the confidentiality of the data stored in a cloud server in the form of cipher text. Cryptography based access control can combine a cryptographic algorithm with policy based access control to achieve complementarity. Encryption based access control models can come in a variety of forms, such as attribute based encryption (ABE), timed release encryption (TRE), role based encryption (RBE) and identity based encryption (IBE).

4.1 Attribute based encryption

In attribute based encryption (ABE), users whose attribute set satisfies the corresponding access control policy can decrypt the cipher text, with flexible implementation of one-time encryption and multiple sharing. ABE also has good extensibility and flexible access strategy description capability. It also supports fine-grained access control with other superior features. Therefore, it is widely used in the environment of cloud computing. At present, the implementation mechanisms of ABE include basic ABE, key policy ABE (KP-ABE) and cipher text policy ABE (CP-ABE). Basic ABE only specifies the threshold policy, which can be used for simple application scenarios. The KP-ABE and CP-ABE mechanisms can support complex networks and have a broad application prospect in fine-grained data sharing and management control.

The ABE cryptosystem has four basic elements in the cloud computing environment: data provider, trusted third party authorization center, cloud storage server and user [62]. First, the trusted authorization center generates the key and public parameters and passes the system public key to the data provider. After obtaining the system public key, the data provider encrypts a file with the policy tree and the system public key and uploads the cipher text and the policy tree to the cloud server. Then, when a new user joins the system, the user would upload its own set of properties to the trusted authorization center and submit a private key request. The trusted authorization center would calculate a public key for the user submitted property set and pass it to the user. Finally, the user downloads the data of interest. If the attribute set satisfies the policy tree structure of the cipher text data, the user can successfully decrypt the cipher text. Otherwise, access to the data fails. The description of the model is shown in Fig. 7.

Fig. 7 The ABE model for cloud computing environment [figure: trusted authority center, data provider, cloud servers, user; labels: ciphertext, access strategy, access request]

ABE consists generally of four steps as shown in Table 2:

Table 2 The steps of the ABE algorithm
Setup     Authorization center executes to generate the master key and the system public key
Encrypt   CT = Encrypt(PK, M, T), sender executes with attribute set T and plain text M, cipher text is CT
KeyGen    SK = KeyGen(MK, A), authorization center executes to generate the user's private key SK
Decrypt   M = Decrypt(CT, SK), receiver executes using private key SK to get back message M

Sahai and Waters first proposed a scheme based on fuzzy identity cryptography [61] with the concept of attributes being introduced. Goyal et al. proposed an attribute based encryption scheme based on the fuzzy identity encryption scheme [62]. Then two ABE algorithms related to the strategy tree are derived, i.e., the key policy ABE and cipher text policy ABE. Sahai et al. introduced the concept of key strategy and described in the strategy a set of attributes associated with the cipher text so the decryption key is constrained by the policy tree [63]. When the access control strategy matches the attributes, the decryption key can be obtained. Therefore, the encryption party has no control over the cipher text and the key strategy is suitable for key management in large-scale network environments [64]. Sue et al. compared KP-ABE and CP-ABE and proposed attribute key revocation in the design of the CP-ABE access control mechanisms. The resistance of ABE to collusion attacks, along with other advantages, lays a theoretical foundation for wide applications of ABE in cloud computing environments [65]. At the same time, some literature has also pointed out the applicable scenarios of KP-ABE and CP-ABE. Users in the KP-ABE mechanism could restrict the description of the receiving messages, which is used in the application of the query class, while senders in the CP-ABE mechanism could specify the strategy for the cipher text access, which is used in the application of access control.

Although it can ensure the security of data in the cloud computing environment, attribute based encryption affects the performance of access to the data. When the data is modified or the property is revoked, the whole data content needs to be re-encrypted. The cloud computing environment currently lacks a valid combination of the document model and the hierarchical security protection model. In response to the above problems, Xiong et al. combined the multilevel security and IBE algorithm and proposed a new composite document model and IBE-based composite document access control scheme [66]. Liu et al. proposed a multi-user data security sharing scheme based on dynamic group manager in a cloud environment [67] which uses group signature and broadcast encryption technology to allow users to share data anonymously with each other in the group.

The above discussion covered related mechanisms and techniques for access control through encryption technologies. The most prominent advantage of ABE is that it is well suited to situations where the descriptor is not fixed in a distributed environment. The encrypting party that encrypts a message does not need to know who decrypts it and only the decrypting party who conforms to the corresponding condition attribute can perform the decryption. Moreover, ABE has embedded the encryption rules in the encryption algorithm, which can avoid the cost of key distribution that frequently occurs in cipher based access control. However, the above work has not considered multi-factor access control in the data encryption scheme in encryption based access control. In the face of these problems, new access control models need to be designed to cope with a variety of security needs in complex network environments.

4.2 Other encryption-based access control

Timed release encryption (TRE) model allows data owners to encrypt data and send it to authorized users. Only when the predetermined future time is reached can the authorized user obtain the correct key to decrypt the cipher text. Chen et al. introduced an efficient coding scheme with privacy protection capability and proposed a non-centralized TRE mechanism [68], which is applicable to application scenarios that require only a semi-reliable time server. Unruh et al., based on quantum cryptography, proposed a revocable, time-based encryption mechanism as well as an unknown recipient encryption mechanism [69]. This model would allow a message sender to send a message through a non-secure network and ensure that only one recipient can receive the message.

Role based encryption (RBE) model implements the data access control mechanism based on the layered RBAC model. Zhou et al. proposed a role-based encryption mechanism for cloud security storage [70] in which the owner of

mechanisms, i.e., identity based encryption and identity based signature [72]. Sahai et al. proposed the first fuzzy IBE scheme [73] that would tolerate certain errors between the user's encryption identity and the identity of the encrypted public key, which can support the implementation of biometrics as the public key. Unlike IBE, which uses a string of single identity information as a public key, fuzzy identity based encryption (FIBE) uses a string collection of multiple identity information as a public key and FIBE is considered to be a basic ABE solution.

5 Problems and challenges in cloud access control

Cloud computing is a rapidly developing new industry with bright prospects for further development and application. At the same time, challenges of security that it faces are unprecedented. It is, therefore, necessary for researchers in the field of IT and information security to develop more effective solutions. Meanwhile, security of cloud computing is not only a pure technical issue. It involves many other aspects, such as standardization, regulatory models, law and regulations, and so on.

5.1 Summary of the models

In practical applications, access control models should be selected according to different applications and environments. The ability, performance and security of access control models are summarized according to the metrics defined in document [74] to show the advantages and the disadvantages of the different access control models. Table 3

Table 3 Performance comparison among different types of access control models
                  RBAC   TBAC   ABAC   UCON   ABE
Security 
Confidentiality 
the data encrypts the data and stores it on the cloud server.
Flexibility of  
Only the user who has specific role can decrypt the data to authorization
obtain the plaintext. Zhu et al. proposed a RBE mechanism Minimum privilege  
that is based on partial order key hierarchy in public key
Separation of duties  
cryptosystem and that supports revocation [71], which would
Fine-grained control   
allow senders to encrypt data using specified roles and only
Cloud environment   
the users with higher roles can correctly decrypt cipher text. attributes
This mechanism supports dynamic user addition and dele- Constraints 
tion with the characteristics of a fixed length of the cipher description
text as well as the decryption key. Compatibility  
Identity based encryption (IBE) model is a public-key Expansibility  
cryptography based algorithm. Shamir et al. proposed two

123
Cluster Computing

provides such a summary in which indicates good perfor- network environment are constantly changing, making tra-
mance. ditional, static and centralized access control incapable of
satisfying the dynamic security needs. Another issue is cross-
5.2 The problems of cloud data access domain authorization among cloud platforms since multiple
security domains are the main characteristics of cloud access
For cloud computing, access control is an important part of where cloud applications may belong to different domains
data security protection technology. Owing to the character- and there is thus the requirement for cross-domain access
istics of data storage and access in the cloud environment, control. There is also the need to study the interoperabil-
cloud data should be well managed. Thus, traditional infor- ity of cross-domain authorization including the strategy for
mation security technologies alone can hardly provide total detection and resolution of policy conflict. Since virtual tech-
guarantee of confidentiality, integrity and availability. Based nology is a key technology of cloud computing, service
on the analysis and description of the above application sce- providers must provide corresponding functions to ensure
narios, cloud data access mainly has the following problems. the security to the customers. Lastly, trusted cloud computing
First is the virtual server security problem, which states that should be developed into cloud computing models. Research
when the physical host is damaged, the virtual server is likely could be conducted on ways of implementing data through
to be attacked due to the communication between physi- the means of non-object classes as a way of providing reliable
cal hosts. Another problem is the security for the data set cloud services.
since storage, processing and transmission of user data are Cloud computing security is not just a technical problem,
all related to cloud computing, including how to store data it also involves standardization, supervision mode, laws and
effectively to avoid data loss or damage. Another problem regulations and other aspects. Therefore, exploring solutions
is cloud platform usability in which attacks to user data and of cloud computing security only from a technical point of
business applications in cloud platforms will affect service view is not enough, effort is really needed from academia,
continuity, SLA and IT process, security strategy, event pro- industry and different levels of government.
cessing and analysis, etc. Cloud platforms could also suffer
from the problem of attacks since cloud computing platforms
can easily become the targets of hackers because of their 6 Conclusion
high concentration of users and information resources. So,
the consequence of data destruction and denial of service Access control is an important information security technol-
will have a much higher impact than traditional enterprise ogy and has become indispensable for enterprises to protect
network application environments. data and resources in information systems. After many years
of development, research on access control models has
5.3 Research on key issues of access control for achieved noticeable progress. Cloud computing is a new
cloud computing paradigm, making access control critical in providing effec-
tive protection to cloud computing resources. This makes
On account of the analysis of cloud application scenarios access control in cloud computing one of the most impor-
and data storage characteristics, current and future research tant issues in present research on cloud security. Therefore, a
on access control will face the complex and dynamic envi- great deal of attention has been attracted from academia and
ronment of cloud computing. In addition to ensuring that industry. However, its characteristics of virtualization, dis-
cloud resources and services are acquired and used by legit- tribution and multi-tenancy have brought many challenges
imate users, further study should be focused on the issues to the development of access control technologies. In addi-
described in Sect. 5.2. The challenges facing the cloud data tion, access control in cloud computing is not just a technical
access control are mainly reflected in the aspects of standard- problem, it also involves a lot of aspects such as standardiza-
ization of cloud platforms and unified technical standards and tion, laws and regulations, codes of conduct, etc. At present,
industry specifications for cloud computing access control. research of cloud computing access control technologies is
At present, most cloud service providers still use traditional still in its early stage. Future studies should therefore empha-
access control technologies and standards as the reference, size more on the design of cloud access control models as
which is not constructive to the implementation and supervi- well as on policy analysis and consistency analysis of access
sion by standardization organizations. For fine grained access control in addition to other key technologies.
control, most existing cloud access control is based on user This paper investigated common access control mecha-
identity and some models even do not follow the minimum nisms and reviewed some traditional access control models
privilege principle of access control, thus bring security risks and technologies as well as the framework of access con-
to multi-tenant environment in the cloud. For access con- trol for cloud computing. This paper also discussed research
trol in cloud computing, cloud users, cloud resources and progress of access control in recent years and pointed out

123
Cluster Computing

some key issues for future research on cloud access control. We hope that the discussion on challenges and issues of cloud computing access control would bring benefit to the future research.

Acknowledgements The work in this paper has been supported by National Natural Science Foundation of China (61602456) and National High Technology Research and Development Program of China (863 Program) (2015AA017204).

References

1. Li, F.H., Xiong, J.B.: Access control technology for complex network environment. The people’s mail and telecommunications press (2015)
2. Bell, D.E., LaPadula, L.J.: Secure computer system: unified exposition and multics interpretation. DTIC Document, Mitre Corp Bedford MA, USA (1976)
3. Sandhu, R., Coyne, E.J., Feinstein, H.L., et al.: Role-based access control models. Computer 29(2), 38–47 (1996)
4. Sandhu, R., Bhamidipati, V., Munawer, Q.: The ARBAC97 model for role-based administration of roles. ACM Trans. Inf. Syst. Secur. (TISSEC) 2(1), 105–135 (1999)
5. Sandhu, R., Munawer, Q.: The ARBAC99 model for administration of roles. In: Proceedings of 15th Annual Computer Security Applications Conference, pp. 229–238. IEEE, New York, NY, USA (1999)
6. Oh, S., Sandhu, R., Zhang, X.: An effective role administration model using organization structure. ACM Trans. Inf. Syst. Secur. (TISSEC) 9(2), 113–137 (2006)
7. Ferraiolo, D.F., Sandhu, R., Gavrila, S., et al.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(3), 224–274 (2001)
8. Thomas, R.K., Sandhu, R.: Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management. In: Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Security XI: Status and Prospects, pp. 166–181. Chapman & Hall, Ltd., London, UK (1998)
9. Oh, S., Park, S.: Task-role-based access control model. Inf. Syst. 28(6), 533–562 (2003)
10. Zhu, J.: Research on Group Perception and Access Control Technology in Role Coordination. College of computer science, Zhongshan University, Guangzhou (2009)
11. Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2(1), 65–104 (1999)
12. Knorr, K.: Dynamic access control through Petri net workflows. In: 16th Annual Conference on Computer Security Applications, pp. 159–167 (2000)
13. Botha, R.A., Eloff, J.H.P.: Designing role hierarchies for access control in workflow systems. In: Proceedings of the 25th International Computer Software and Applications Conference, pp. 117–122. IEEE Computer Society, Washington, DC, USA (2001)
14. Curry, S., Darbyshire, J., Fisher, D.W., Hartman, B., Herrod, S., Kumar, V., Martins, F. et al.: Infrastructure security: getting to the bottom of compliance in the cloud. The Security Division of EMC (2010)
15. Kaur, P.J., Kaushal, S.: Security concerns in cloud computing. In: Proceedings of the HPAGC 2011. CCIS, vol. 169, pp. 103–112 (2011)
16. Shen, H.B., Hong, F.: Review of access control model. Appl. Res. Comput. 22(6), 9–11 (2005)
17. Han, D.J., Gao, J., Zhai, H.L., et al.: Research progress of access control model. Comput. Sci. 37(11), 29–33 (2010)
18. Lampson, B.W.: A scheduling philosophy for multiprocessing systems. Commun. ACM 11(5), 347–360 (1968)
19. Luo, Y., Wu, Z.H.: A new method of access control policy descriptive language and its authorization. J. Comput. 1–18 (2017)
20. Cantor, S., Moreh, J., Philpott, R., Maler, E.: Metadata for the OASIS security assertion markup language (SAML) V2.0. OASIS Open (2005)
21. Gary, C., Sun, M.: OASIS service provisioning markup language (SPML) versions 2.0. OASIS Open (2006)
22. Erik, R., Axiomatics, B.: OASIS extensible access control markup language (XACML) versions 3.0. OASIS Open (2013)
23. Lv, S., Liu, L., Shi, L., et al.: Intelligent planning method based on automatic reasoning technology. J. Softw. 20(5), 1226–1240 (2009)
24. Li, N., Tripunitaram, V.: Security analysis in role based access control. ACM Trans. Inf. Syst. Secur. 9(4), 391–420 (2006)
25. Lin, B.G.: Analysis of extended information system security domain model. J. Commun. 9–14 (2009)
26. Ye, Y., Lu, T., et al.: Triple helix model and its quantitative analysis methods. China Soft Sci. 11, 131–139 (2014)
27. Liu, Q.: Role-based access control techniques, South China University of technology press, pp. 55–60 (2010)
28. He, Z., Tian, J., Zhang, Y.: Style refinement and detection improvement of policy conflict. J. Jilin Univ. 25(3), 287–293 (2005). (in Chinese)
29. Yao, J., Mao, B., Xie, L.: A DAG-based security policy conflicts detection method. J. Comput. Res. Dev. 42(7), 1108–1114 (2005). (in Chinese)
30. Lupu, E.C., Sloman, M.: Conflicts in policy based distributed systems management. IEEE Trans. Softw. Eng. 25(6), 852–869 (1999)
31. Cholvy, L., Cuppens, F.: Analyzing consistency of security policies. IEEE Symposium on Security & Privacy, IEEE, pp. 103–112 (1997)
32. Li, X., Meng, L., Jiao, L.: Problems in results of policy conflict resolutions and detection and resolution methods in network management systems. J. Comput. Res. Dev. 43(7), 1297–1303 (2006). (in Chinese)
33. Li, R.X., Lu, J.F., Li, T.Y., et al.: A method of inconsistency conflict resolution for access control strategy. J. Comput. 36(06), 1210–1223 (2013)
34. Lu, J.F., Yan, X., Peng, H., Han, J.M.: An optimized strategy for inconsistent conflict resolution. J. Huazhong Univ. Sci. Technol. 42(11), 106–111 (2014)
35. Feng, D.G., Zhang, M., Zhang, Y.: The security research of cloud computing. J. Softw. 22(1), 71–83 (2011)
36. Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2(1), 65–104 (1999)
37. Thomas, R.K., Sandhu, R.: Task-based authorization controls (TBAC): a family of models for active and enterprise oriented authorization management. In: Proceedings of the 11th IFIP WG11.3 Conference on Database Security, pp. 166–181. Lake Tahoe (1997)
38. Li, F.H., Su, M., Shi, G.Z., Ma, J.F.: Research status and development trends of access control model. Chin. J. Electron. 40(4), 805–813 (2012). (in Chinese with English abstract)
39. Botha, R.A., Eloff, J.H.P.: Designing role hierarchies for access control in workflow system. The 25th Annual International Computer Software and Applications Conference Chicago, pp. 117–122 (2001)
40. Wang, X.W., Zhao, Y.M.: A task-role-based access control model for cloud computing. Comput. Eng. 38(24), 9–13 (2012)
41. Deng, J.B., Hong, F.: Task-based access control model. J. Softw. 14(1), 76–96 (2003)
42. Park, S.: Task role based access control: an improved access control model for enterprise environment. The 11th International Conference in Database and Expert Systems Applications. pp. 264–273. London (2000)
43. Androulaki, E., Soriente, C., Malisa, L. et al.: Enforcing location and time based access control on cloud stored data. The 34th International Conference on Distributed Computing systems. pp. 637–648 (2014)
44. Li, F.H., Wang, W., Ma, J.F., et al.: Action based access control model. Chin. J. Electron. 17(3), 396–401 (2008)
45. Li, F.H., Wang, W., Ma, J.F., et al.: Action based access control model and its behavior management. J. Electron. 36(10), 1881–1890 (2008)
46. Li, F.H., Wang, W., Ma, J.F., et al.: The access control model of cooperative information system and its application. J. Commun. 29(9), 116–123 (2008)
47. Li, F.H., Wang, W., Ma, J.F., et al.: Action based access control for web services. The 5th International Conference on Information Assurance and Security, pp. 637–642. Xi’an (2009)
48. Lin, G.Y., He, S., Huang, H., Wu, J.Y., Chen, W.: Access control security model based on behavior in cloud computing environment. J. Commun. 33(3), 59–66 (2012)
49. Yuan, E., Tong, J., Zhao, Z.: Attributed based access control (ABAC) for web services. The IEEE International Conference on Web Services, Orlando, Florida. pp. 561–569 (2005)
50. Wang, X.M., Fu, H., Zhang, C.L.: Research progress on properties based access control. J. Electron. 38(07), 1660–1667 (2010)
51. Ei, E.M., Thinn, T.N.: The privacy-aware access control system using attribute-and role-based access control in private cloud. Proceedings of the 2011 4th IEEE IC-BNMT. pp. 447–451 (2011)
52. Park, J., Sandhu, R.: Towards usage control models: Beyond traditional access control. Proceedings of the 7th ACM Symposium on Access Control Models and Technologies, pp. 57–64. ACM press, Monterey California (2002)
53. Chu, X.B., Qin, Y.: A distributed control system based on trusted computing. J. Comput. 33(1), 93–102 (2010)
54. Tavizi, T., Shajari, M., Dodangeh, P.: A usage control based architecture for cloud environments. Parallel and Distributed Processing Symposium Workshops & PhD Forum (IPDPSW), 2012 IEEE 26th International. pp. 1534–1539, IEEE (2012)
55. Park, J., Sandhu, R.: The UCON ABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1), 128–174 (2004)
56. Mounira, M., Rached, A., Ahmed, S.: Access control in probative value cloud. In: Proceedings of the 8th International Conference for Internet Technology and Secured Transactions (2013)
57. Park, J., Zhang, X.W., Sandhu, R.: Attribute mutability in usage control. In: Proceedings of the Annual IFIP WG Working Conference on Data and Applications Security, pp. 15–29 (2004)
58. Zhang, X.W., Nakae, M., Covington, M.J., et al.: Toward a usage-based security framework for collaborative computing systems. ACM Trans. Inf. Syst. Secur. 11(1), 1–36 (2008)
59. Park, J.: Usage Control: A Unified Framework for Next Generation Access Control. George Mason University, Virginia (2003)
60. Zhang, X.W., Parisi-Presicce, F., Sandhu, R., et al.: Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur. 8(4), 35–87 (2005)
61. Dong, Q.X., Guan, Z., Chen, Z.: An overview of computational cryptography on cryptographic data. Appl. Res. Comput. 33(09), 2561–2572 (2016)
62. Vipul, G., Amit, S., Omkant, P., Brent, W.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the ACM Conference on Computer and Communications Security. pp. 89–98 (2006)
63. Ostrovsky, R., Sahai, A., Waters, B.: Attribute-Based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM Conference on Computer and Communications Security. pp. 1–17. ACM Press, New York (2007)
64. Attrapadung, N., Imai, H.: Conjunctive broadcast and attribute-based encryption. In: Shacham, H., Waters, B. (eds.) Pairing-Based Cryptography-Pairing 2009, pp. 248–265. Springer-Verlag, Berlin (2009)
65. Shu, J.S., Cao, D., Wang, X.F.: Attribute based encryption mechanism. J. Softw. 22(6), 1299–1315 (2011)
66. Xiong, J.B., Yao, Z.Q., Ma, J.F., et al.: A portfolio document model and access control scheme in a cloud computing environment. J. Xi’an Jiao Tong Univ. 48(2), 25–31 (2014)
67. Liu, X., Zhang, Y., Wang, B.: Mona: secure multi-owner data sharing for dynamic groups in the cloud. IEEE Trans. Parallel Distrib. Syst. 24(6), 1182–1192 (2013)
68. Chen, S.H., Chen, R.J.: Dealer less multi server timed release encryption scheme with privacy preserving encoding. The Second International Conference on Information Security and Digital Forensics, p. 1 (2005)
69. Unruh, D.: Revocable quantum timed release encryption. The 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 129–146. Springer Verlag, Copenhagen, Heidelberg (2014)
70. Zhou, L., Varadharajan, V., Hitchens, M.: Enforcing role based access control for secure data storage in the cloud. Comput. J. 54(10), 1675–1687 (2011)
71. Zhu, Y., Hu, H.X., et al.: Provably secure role based encryption with revocation mechanism. J. Comput. Sci. Technol. 26(4), 697–710 (2011)
72. Shamir, A.: Identity Based Crypto Systems and Signature Schemes. CRYPTO 84 on Advances in Cryptology. Springer Verlag, New York (1985)
73. Sahai, A., Waters, B.: Fuzzy identity based encryption. The 24th Annual International Conference on Theory and Applications of Cryptographic Techniques, pp. 457–473. Springer Verlag, Berlin Heidelberg (2005)
74. Wang, Y.D., Yang, J.H., Xu, C., et al.: Survey on access control technologies for cloud computing. J. Softw. 26(5), 1129–1150 (2015)

Fangbo Cai is currently a Ph.D. candidate in the Faculty of Information Technology at Beijing University of Technology (BJUT), Beijing, China. She received her Master’s degree from the same university in 2016. Ms. Cai’s research interests include network security and distributed network technology.

Nafei Zhu received her B.S. and M.S. degrees from Central South University, China in 2003 and 2006, respectively, and her Ph.D. degree in computer science and technology from Beijing University of Technology in Beijing, China in 2012. From 2015 to 2017, she was a Postdoc and an Assistant Researcher in the Trusted Computing and Information Assurance Laboratory, State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences in China. She is now on the Faculty of Information Technology in Beijing University of Technology. Dr. Zhu has published over 20 research papers in scholarly journals and international conferences (16 of which have been indexed by SCI/EI/ISTP). Her research interests include information security and privacy, wireless communications and network measurement.

Jingsha He is currently a Professor in the Faculty of Information Technology at Beijing University of Technology (BJUT), Beijing, China. He received his Ph.D. degree from the University of Maryland at College Park in 1990. Prior to joining BJUT in 2003, he worked for IBM, MCI Communications and Fujitsu Laboratories engaging in R&D of advanced networking technologies and computer security. Prof. He’s research interests include methods and techniques that can improve the security and performance of the Internet. He has published nearly 260 papers in the above areas.

Pengyu Mu is currently an M.S. candidate in the Faculty of Information Technology at Beijing University of Technology (BJUT), Beijing, China. He received his B.S. degree from Tianjin Polytechnic University in 2015. His research interests include network security, access control and social networking.

Wenxin Li is a Postgraduate in the School of Software Engineering at Beijing University of Technology, Beijing, China. She received her Bachelor’s degree from Xi’an Shiyou University. Her research interests are mainly in network security, including access control, information protection and distributed network technology.

Yi Yu is currently an M.S. candidate in the Faculty of Information Technology at Beijing University of Technology (BJUT), Beijing, China. She received her B.S. degree from Hubei Polytechnic University in 2016. Her research interests include network security, access control and identity authentication.
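
Added example, not from the paper or from the surveyed schemes' authors: a Python model of the threshold access tree that ABE embeds in a ciphertext, with fuzzy IBE as the special case of a single d-of-n gate over identity features (the encryption-based access control discussion in Sect. 4). It assumes hash-derived per-attribute keys in place of the pairing-based key components, so it shows who can reconstruct the secret but gives no collusion resistance and is not public-key; all function names, attributes and feature labels are constructed for illustration.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime field modulus for Shamir secret sharing

def issue_keys(master, attrs):
    """Authority: derive one key per attribute (toy stand-in for ABE key components)."""
    return {a: int.from_bytes(hashlib.sha256(master + a.encode()).digest(), "big") % P
            for a in attrs}

def _share(secret, k, n):
    """Evaluate a random degree k-1 polynomial q with q(0)=secret at x=1..n."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [sum(c * pow(x, j, P) for j, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)]

def _combine(points):
    """Lagrange-interpolate q(0) from {x: q(x)} over GF(P)."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def encrypt_tree(policy, secret, master):
    """Share `secret` down the policy tree. A policy is an attribute name (leaf)
    or (k, [children]) meaning "any k of these"; AND is k=n, OR is k=1.
    Assumption: the encryptor knows `master` (real ABE uses public parameters)."""
    if isinstance(policy, str):
        mask = issue_keys(master, [policy])[policy]
        return (policy, (secret + mask) % P)       # leaf: share masked by attribute key
    k, children = policy
    if not 1 <= k <= len(children):
        raise ValueError("threshold must be between 1 and the number of children")
    shares = _share(secret, k, len(children))
    return (k, [encrypt_tree(c, s, master) for c, s in zip(children, shares)])

def decrypt_tree(node, user_keys):
    """Return the node's secret if the attribute keys satisfy it, else None."""
    head, body = node
    if isinstance(head, str):                      # leaf: (attribute, masked share)
        key = user_keys.get(head)
        return None if key is None else (body - key) % P
    points = {}
    for x, child in enumerate(body, start=1):
        value = decrypt_tree(child, user_keys)
        if value is not None:
            points[x] = value
        if len(points) == head:                    # threshold reached: rebuild q(0)
            return _combine(points)
    return None

if __name__ == "__main__":
    master = secrets.token_bytes(32)
    secret = secrets.randbelow(P)                  # would seed the data key in practice
    # ABE-style policy: auditor AND (finance OR legal); the encryptor names no user.
    abe = encrypt_tree((2, ["role:auditor", (1, ["dept:finance", "dept:legal"])]),
                       secret, master)
    print(decrypt_tree(abe, issue_keys(master, ["role:auditor", "dept:legal"])) == secret)
    # Fuzzy-IBE-style identity: any 4 of 5 constructed biometric features must match.
    fibe = encrypt_tree((4, ["f1", "f2", "f3", "f4", "f5"]), secret, master)
    print(decrypt_tree(fibe, issue_keys(master, ["f1", "f2", "f4", "f5", "x9"])) == secret)
    print(decrypt_tree(fibe, issue_keys(master, ["f1", "f2", "f3", "x9"])) is None)
```
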
