Taxonomy and Classification of Access Control Models for Cloud Environments

  • Abhishek Majumder
  • Suyel Namasudra
  • Samir Nath
Part of the Computer Communications and Networks book series (CCN)


Cloud computing is an emerging and highly attractive technology due to its inherent efficiency, cost-effectiveness, flexibility, scalability and pay-per-use characteristics. But alongside these advantages, many new problems have also surfaced, and some of these issues have become a cause of grave concern. One of the existing problems that has become critical in the cloud environment is the issue of access control and security. Access control refers to a policy that authenticates a user and permits the authorized user to access data and other resources of cloud-based systems. In access control, there are several restrictions and rules that users need to follow before they can access any kind of data or resource from the cloud-based servers. In this context, researchers have suggested many access control models. In this chapter, a brief discussion of the various access control models is presented. Moreover, a taxonomy of access control schemes is introduced. Finally, based on the analysis of the mechanisms adapted therein, the access control models are classified into different classes of the proposed taxonomy.


Access control models; Taxonomy; Classification; Cloud environment; Identity-based; Non identity-based; Centralized; Collaborative



Copyright information

© Springer-Verlag London 2014

Authors and Affiliations

  • Abhishek Majumder (1)
  • Suyel Namasudra (1)
  • Samir Nath (1)
  1. Department of Computer Science & Engineering, Tripura University, Tripura, India
