Securing Data Storage By Extending Role-Based Access Control

Mamoon Rashid, Er. Rishma Chawla
Copyright: © 2013 |Pages: 10
DOI: 10.4018/ijcac.2013100103


Role-based access control (RBAC) models have generated great interest in the security community as a powerful and generalized approach to security management, with the ability to model organizational structure and the capability to reduce administrative expenses. In this paper, the authors highlight the drawbacks of RBAC models in terms of access control and authorization and then provide a more viable extended RBAC model, which enhances and extends RBAC's powers to make any cloud server more secure by adding valuable constraints. Blobs are then stored on a cloud server, which end users access via this extended RBAC model. The authors describe a practical implementation of the proposed extended-RBAC-based architecture and discuss its performance results against its base models. The authors then show how users with different premiums can access this architecture in a better way, and how users unknown to this architecture can be denied the usage of services by adding valuable constraints.
Article Preview

1. Introduction

Cloud computing has begun to emerge as a hotspot in both industry and academia; it represents a new business model and computing paradigm, which enables on-demand provisioning of computational and storage resources. Economic benefits are the main driver for cloud computing, because cloud computing offers an effective way to reduce capital expenditure and operational expenditure. The definition of cloud computing as per the literature in I. Foster (2009) is “A large-scale distributed computing paradigm that is driven by economies of scale, in which a pool of abstracted, virtualized, dynamically scalable, managed computing power, storage, platforms, and services are delivered on demand to external customers over the Internet.”

The Cloud Security Alliance has summarized five essential characteristics (CSA, 2009) that illustrate the relation to, and differences from, the traditional computing paradigm:

  • On-demand self-service: A cloud customer may unilaterally obtain computing capabilities, such as the use of various servers and network storage, on demand, without interacting with the cloud provider;

  • Broad network access: Services are delivered across the Internet via a standard mechanism that allows customers to access the services through heterogeneous thin or thick client tools (e.g., PCs, mobile phones, and PDAs);

  • Resource pooling: The cloud provider employs a multitenant model to serve multiple customers by pooling computing resources, which are different physical and virtual resources dynamically assigned or reassigned according to customer demand. Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.

  • Rapid elasticity: Capabilities may be rapidly and elastically provisioned in order to quickly scale out, or rapidly released to quickly scale in. From the customers’ point of view, the available capabilities should appear to be unlimited and have the ability to be purchased in any quantity at any time;

  • Measured service: The service purchased by customers can be quantified and measured. For both the provider and customers, resource usage will be monitored, controlled, metered, and reported.
