Skip to main content
SpringerLink
Log in

Research on Access Control Techniques in SaaS of Cloud Computing

  • Conference paper
Security in Computing and Communications (SSCC 2014)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 467))

Included in the following conference series:

Abstract

Where the flexibility of Cloud Computing provides number of usage possibilities to the organizations, the security threats stop them in fully relying on it. Among all security threats, ‘Unauthorized Access Threat’ is one of the most important and difficult to manage. In SaaS, access control issues are of foremost concern. The aim of this paper is to explore the current trends that cloud providers are following in implementing access control measures in SaaS. In this article, a critical review of these measures is done and their advantages and drawbacks are discussed. On the basis of ongoing research, future research directions in the area of SaaS access control are also identified.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Benantar, M.: Access Control Systems: Security, Identity, Management and Trust Models. Springer US (2009)

    Google Scholar 

  2. Mell, P., Grance, T.: The NIST Definition of Cloud Computing. Special Publication 800-145 (2011), http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

  3. DORMA: Brivo to Introduce SaaS-Based Access Control Solution at ISC West (2012), http://www.securitysales.com/article/dorma-brivo-to-introduce-saas-based-access-control-solution-at-isc-west

  4. Aime, M.D., Lioy, A., Pomi, P.C., Vallini, M.: Security Plans for SaaS. In: Agrawal, D., Candan, K.S., Li, W.-S. (eds.) Information and Software as Services. LNBIP, vol. 74, pp. 81–111. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  5. Chou, Y., Levina, O., Oetting, J.: Enforcing Confidentiality in a SaaS Cloud Environment. In: 19th Telecommunications forum TELFOR, Serbia, Belgrade, November 22-24. IEEE Press (2011)

    Google Scholar 

  6. Risk Taxonomy, Technical Standard (2009), http://pubs.opengroup.org/onlinepubs/9699919899/toc.pdf

  7. National Vulnerability Database (2014), http://nvd.nist.gov/

  8. Grobauer, B., Walloschek, T., Stöcker, E.: Understanding Cloud Computing Vulnerabilities. Co-published by the IEEE computer and reliability societies (2011)

    Google Scholar 

  9. Wang, H., Liu, F., Liu, H.: A Method of the Cloud Computing Security Management Risk Assessment. In: Zeng, D. (ed.) Advances in Computer Science and Engineering. AISC, vol. 141, pp. 609–618. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  10. Ganesan, R., Sarkar, S., Tewari, N.: An Independent Verification of Errors and Vulnerabilities in SaaS Cloud. In: 42nd International Conference on Dependable Systems and Networks Workshops (DSN-W). IEEE Press (2012)

    Google Scholar 

  11. Rehman, S., Mustafa, K.: Software Design Level Vulnerabilities Classification Model. International Journal of Computer Science and Security 6(4), 238–255 (2012)

    Google Scholar 

  12. National Institute of Standard and Technology/Information Technology Laboratory (NIST/ITL) Bulletin (December 1995), http://csrc.nist.gov/groups/SNS/rbac/documents/design_implementation/Intro_role_based_access.htm (retrieved on May 2014)

  13. Demin, F., Xiaoming, W., Zongtao, Z.: An Expanded Role-Based Access Control Model. Computer Engineering and Applications (2003)

    Google Scholar 

  14. Li, D., Liu, C., Liu, B.: H-RBAC: A Hierarchical Access Control Model for SaaS Systems. I. J. Modern Education and Computer Science 5 (2011), http://www.mecs-press.org/

  15. Sandhu, R., Bhamidipati, V., Munawer, Q.: The ARBAC97 Model for Role-Based Administration of Roles. ACM Transactions on Information and System Security (TISSEC) 2, 105–135 (1999)

    Article  Google Scholar 

  16. Li, D., Liu, C., Wei, Q., Liu, Z., Liu, B.: RBAC-based Access Control for SaaS Systems. In: IEEE 2nd International Conference on Information Engineering and Computer Science, ICIECS (2010)

    Google Scholar 

  17. Ni, Q., Bertino, E.: Privacy-Aware Role-Based Access Control. ACM Transactions on Information and System Security 13(3), Article 24 (2010)

    Google Scholar 

  18. Ferreira, A., Chilro, D., Antunes, L.: How to Securely Break into RBAC: The BTG-RBAC Model. In: Proceedings of 25th Annual Computer Security Applications Conference, Honolulu, Hawaii (2009)

    Google Scholar 

  19. Rajesh, K., Nayak, A.: Modified BTG-RBAC Modelf or SaaS. In: Proceedings of International Conference on Cloud Computing, Technologies, Applications & Management (2012)

    Google Scholar 

  20. Sirisha, A., Kumari, G.: API Access Control in Cloud Using the Role Based Access Control Model. In: Trendz in Information Sciences & Computing, TISC (2010)

    Google Scholar 

  21. Chung, H., Chen, J., Violetta, M.A., Yang, C.Y.: Contract RBAC in cloud computing. Springer Science Business Media, New York (2013)

    Google Scholar 

  22. Cao, J., Li, P., Zhu, Q., Qian, P.: A Tenant-Based Access Control Model T-Arbac. Computer Science and Application (2013), http://www.hanspub.org/journal/csa.html

  23. Xu, L., Tang, S.: Verifiable computation with access control in cloud Computing. Springer Science+Business Media, New York (2013)

    Google Scholar 

  24. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute based encryption. In: Proc. IEEE Symp. Security and Privacy, Oakland, CA (2007)

    Google Scholar 

  25. Wang, G., Liu, Q., Wu, J.: Hierarchical attribute-based encryption for fine-grained access control in cloud storage services. In: Proc. ACM Conf. Computer and Communications Security (ACM CCS), Chicago, IL (2010)

    Google Scholar 

  26. Yu, S., Wang, C., Ren, K., Lou, W.: Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing. In: IEEE INFOCOM (2010)

    Google Scholar 

  27. Wan, Z., Liu, J., Deng, R.H.: HASBE: A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control in Cloud Computing. IEEE Transactions on Information Forensics and Security 7(2) (2012)

    Google Scholar 

  28. Choi, C., Choi, J., Kim, P.: Ontology-based access control model for security policy reasoning in cloud computing. Springer Science+Business Media, New York (2013)

    Google Scholar 

  29. Pervez, Z., Khattak, A.M., Lee, S., Lee, Y., Huh, E.: Oblivious access control policies for cloud based data sharing systems. Springer (2012)

    Google Scholar 

  30. Wang, Z., Sha, K., Lv, W.: Slight Homomorphic Signature for Access Controlling in Cloud Computing. Springer Science+Business Media, New York (2013)

    Google Scholar 

  31. Xu, L., Cao, X., Zhang, Y., Wu, W.: Software Service Signature (S3) for authentication in cloud Computing. Springer Science+Business Media, New York (2013)

    Google Scholar 

  32. L&T Infotech: Selected to drive Cloud access security software to market. Express Computers (May 15, 2011), http://go.galegroup.com/ps/i.do?id=GALE%7CA257405511&v=2.1&u=sdl&it=r&p=CDB&sw=w&asid=b7f8961ca216c997f7384bc9c9c8c5f5

  33. Visual-Gurad (2014), http://www.visual-guard.com/EN/net-powerbuilder-application-security-authentication-permission-access-control-rbac-articles

  34. Double Vision (2014), http://www.doublevision.ca/access-control-systems.html

  35. Dorma (2012), http://www.prweb.com/releases/2012/2/prweb9225731.htm

  36. Safenet (2014), http://www.safenet-inc.com/data-protection/virtualization-cloud-security/saas-security-cloud-access-control/

  37. Cisco (2014), http://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/white_paper_c11-596141.html

Download references

Author information

Authors and Affiliations

  1. Department of Information System, Salman bin Abdul Aziz University, Al-Kharj, KSA

    Shabana Rehman

  2. Department of Computer Science, Center of Development of Advanced Computing, UP, India

    Rahul Gautam

Authors
  1. Shabana Rehman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rahul Gautam
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Integrated Management Coastal Research Institute (IGIC), Universitat Politècnica de València, Grao de Gandia, 46033, Vaencia, Spain

    Jaime Lloret Mauri

  2. Indian Institute of Information Technology and Management, Technopark Campus, 695581, Trivandrum, Kerala, India

    Sabu M. Thampi

  3. Department of Electrical Engineering, Georgia Southern University, 8045, 30460, Statesboro, Georgia, USA

    Danda B. Rawat

  4. Chrysler Group LLC, 48326, Auburn Hills, MI, USA

    Di Jin

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rehman, S., Gautam, R. (2014). Research on Access Control Techniques in SaaS of Cloud Computing. In: Mauri, J.L., Thampi, S.M., Rawat, D.B., Jin, D. (eds) Security in Computing and Communications. SSCC 2014. Communications in Computer and Information Science, vol 467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44966-0_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-44966-0_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-44965-3

  • Online ISBN: 978-3-662-44966-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation