Abstract:
Cloud computing is the latest computing technology that provides various
on-demand services to a large variety of users. This technology helps large
organizations and enterprises by executing a large number of processes in
order to reduce their computational overhead. Even though the Cloud offers
significant benefits, there are still many security issues that keep users
from adopting this technology. Some of the major security issues include
data confidentiality, trust establishment, access management and data
integrity. Access control is one of the mandatory security requirements in
the Cloud environment; it prevents the unauthorized usage of Cloud
resources. In the current thesis, we have carried out research in two
directions, one of which is a detailed study of access control models for
the Cloud environment. Based on this study, we have examined the viability
of access control models for the Cloud environment and performed a
comparative analysis of them. Assessment criteria have been proposed that
analyze Cloud-based access control models according to the NIST-defined
evaluation features for access control models. This analysis highlights the
essential features that must be incorporated in access control models for
the dynamic Cloud environment. After the analysis, we have concluded that
the Usage Based Access Control Model (UCON) is the most appropriate model,
one that can perform better according to the specifications of the Cloud
environment.
Another research direction of our thesis is the comprehensive study of
the UCON model and its applicability in different applications and
environments. The main distinguishing features of the UCON model are
attribute mutability and continuity of access decision, which make it far
better than the traditional access control models. In order to increase the
accuracy of the access decision, the UCON model has three main decision
factors, i.e., authorization, obligation and condition. Despite all these
excellent features, the UCON model is not being widely adopted by
organizations to provide controlled access to their resources. The major
reason for this is that there is no proper specification available for the
UCON model in any policy specification language. There is a need to provide
a specification of the UCON model in
order for it to be used in different real-world applications. We have
proposed a UCON profile in the eXtensible Access Control Markup Language
(XACML) to address this issue. XACML is a generic policy language that
offers a request-response mechanism in addition to the policy specification
standard. The UCON profile has been formulated by adding newly created
attributes and identifiers to XACML that enable organizations to deploy
this model in different scenarios.
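
The attribute mutability, continuity of decision and three decision factors described above can be sketched as an added Python example (not code from the thesis and not its XACML profile). The `UsageSession` class and the attribute names `credit`, `accepted_terms`, `cost_per_unit`, `load` and `max_load` are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class UsageSession:
    """One usage session: the decision is repeated while access is in progress."""
    subject: dict   # mutable subject attributes (constructed sample names)
    obj: dict       # object attributes
    env: dict       # environment state, used only by conditions
    state: str = "initial"
    log: list = field(default_factory=list)

    def _decide(self):
        """Return the name of the first failing decision factor, or None."""
        # Authorization: predicate over subject and object attributes.
        if self.subject["credit"] < self.obj["cost_per_unit"]:
            return "authorization"
        # Obligation: an action the subject must have performed.
        if not self.subject["accepted_terms"]:
            return "obligation"
        # Condition: environmental restriction, independent of subject and object.
        if self.env["load"] > self.env["max_load"]:
            return "condition"
        return None

    def try_access(self):
        """Pre-decision, evaluated once before usage starts."""
        failed = self._decide()
        self.state = "denied" if failed else "accessing"
        self.log.append(("try", self.state, failed))
        return self.state

    def tick(self):
        """Consume one unit, update the mutable attribute, then re-evaluate."""
        if self.state != "accessing":
            return self.state
        # Mutability: usage itself changes the subject's attribute.
        self.subject["credit"] -= self.obj["cost_per_unit"]
        # Continuity: a failing factor revokes access already granted.
        failed = self._decide()
        if failed:
            self.state = "revoked"
        self.log.append(("tick", self.state, failed))
        return self.state
```

A traditional model would stop after `try_access`; here the second `tick` of a session that starts with two credits revokes the access that was initially granted.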