مدل های کنترل دسترسی و فن آوری برای محاسبات ابر Survey of access control models and technologies for cloud computing

1 Introduction Access control is a core technology in information security. It allows legitimate users to gain access to information and system resources within legitimate time periods and prevent unauthorized users from accessing information and system resources by denying the access. Access control models and technologies have been in existence for about 50 years since the early 1970s during which period they have experienced a tremendous change from the scratch, from simple to complex and from theory to practice [1]. Access control was initially introduced to solve the problem of authorizing access to shared data on a mainframe. Discretionary access control (DAC) and mandatory access control (MAC) thus emerged [2]. DAC has the advantage of flexibility, but it is not well suited for large-scale networks with high security requirement due to its properties of decentralized resource management and complex authorization management. MAC can solved the problem caused by the decentralization of resource management, but it suffers from the problem of too strict authority management. For a system with a large number of users and many kinds of information and resources that are not clearly defined,MAC could incur excessive workload, low efficiency and lack of flexibility. The development and popularization of computer and network technologies has made DAC and MAC access control models incapable of meeting the needs of practical applications. As the result, role based access control (RBAC) models emerged [3]. After the introduction of the initial model, a series of models, such as RBAC96 [3], ARBAC97 [4], ARBAC99 [5], ARBAC02 [6] and NIST RBAC [7], have been developed on the basis of the original RBAC model. RBAC can deal effectively with the problem of security caused by the flexibility of DAC and the limitation of MAC. In open network environments, information system requires a hierarchical structure in access control and in the management of users and information resources, resulting in task based access control (TBAC) model to be developed in which security models and mechanisms are constructed based on the notion of tasks. A dynamic and real-time security management scheme was proposed targeted for the time period of task processing [8]. Later, combination of RBAC and TBAC was attempted, resulting in the development of a task role based access control model [9] and that of a task and role-based delegation model [10]. Since 1990s, workflow technology has attracted the attention of researchers in the field of computer security. A workflow is a business process that is made up of multiple related tasks in order to accomplish a goal during which data is transferred among different users according to a set of rules defined [11]. When data flows in the workflow, the user who performs the operation is constantly changing along with the change of permissions. Traditional access control technologies can hardly meet the security requirements the dynamic authorization involved. Thus, methods for dynamically building access control matrix with workflow [12] and typical user hierarchy [13] were developed.