Improved hierarchical role based access control model for cloud computing

Abstract

Cloud computing is considered as the one of the most dominant paradigms in the field of information technology which offers on demand cost effective services such as Software as a Service (SAAS), Infrastructure as a Service (IAAS) and Platform as a Service (PAAS). Promising all these services as it is, this cloud computing paradigm still associates number of challenges such as data security, abuse of cloud services, malicious insider and cyber-attacks. Among all these security requirements of cloud computing access control is the one of the fundamental requirement in order to avoid unauthorized access to a system and organizational assets. Main purpose of this research is to review the existing methods of cloud access control models and their variants pros and cons and to identify further related research directions for developing an improved access control model for public cloud data storage. The paper presents detailed access control requirement analysis for cloud computing and have identified important gaps, which are not fulfilled by conventional access control models. As the outcome of the study an improved access control model with hybrid cryptographic schema and hybrid cloud architecture and practical implementation is proposed. The study tested the model for security implications, performance, functionality and data integrity to prove the validity. It used AES and RSA cryptographic algorithms to implement the cryptographic schema and used public and private cloud to enforce our access control security and reliability. By validating and testing we have proved that the model can withstand against most of the cyber-attacks in real cloud environment. Hence, it has improved capabilities compared with other previous access control models that we have reviewed through literature.