Trusted reasoning-role-based access control for cloud computing environment

Cloud computing has become the new standard in the fast-growing industry of information technology. This poses new challenges to the existing access control models, as the new computing paradigm is highly-distributed and multi-tenancy. The existing access control models are not strong enough due to unavailability of strong multiple relationships between user and resources. In addition, monitoring activities of users to protect the cloud resources is weak. In these contexts, malicious user must be identified for the protection of sensitive data and to limit the access of the user to the resources. This research developed an enhanced access control model for cloud computing, namely Trusted Reasoning-Role-Based Access Control for Cloud Computing Environment (TR2BAC) model. The model consists of four components. The first component is a dimensional domain for strong multiple relations between resources and user management, whereas the second component is reason-based access mechanism to limit users access based on defined reasoning principle. The third component is the trust module that identifies trusted/malicious users, and the fourth component ensures secure data access that classifies and labels the data according to the level of its sensitivity. The resources are then secured accordingly. Simulation results revealed that the performance of the proposed model improved in comparison to the existing state of the art techniques in terms of throughput by 25% and Permission Grants results by 35%. In terms of user authorization, the access time improved by 95% of the total access time which is about 7.5 seconds. In conclusion, this research has developed an enhanced access control model for cloud computing environment that can be used to protect the privacy of users as well as cloud resources from inside and outside attacks

Secure Data Sharing and Collaboration in the Cloud

Cloud technology can be leveraged to enable data-sharing capabilities, which can benefit the user through greater productivity and efficiency. However, the Cloud is susceptible to many privacy and security vulnerabilities, which hinders the progress and widescale adoption of data sharing for the purposes of collaboration. Thus, there is a strong demand for data owners to not only ensure that their data is kept private and secure in the Cloud, but to also have a degree of control over their own data contents once they are shared with data consumers. Specifically, the main issues for data sharing in the Cloud include key management, security attacks, and data-owner access control. In terms of key management, it is vital that data must first be encrypted before storage in the Cloud, to prevent privacy and security breaches. However, the management of encryption keys is a great challenge. The sharing of keys with data consumers has proven to be ineffective, especially when considering data-consumer revocation. Security attacks may also prevent the widescale usage of the Cloud for data-sharing purposes. Common security attacks include insider attacks, collusion attacks, and man-in-the-middle attacks. In terms of access control, authorised data consumers could do anything they wish with an owner's data, including sending it to their peers and colleagues without the data owner's knowledge. Throughout this thesis, we investigate ways in which to address these issues. We first propose a key partitioning technique that aims to address the key management problem. We deploy this technique in a number of scenarios, such as remote healthcare management. We also develop secure data-sharing protocols that aim to mitigate and prevent security attacks on the Cloud. Finally, we focus on giving the data owner greater control, by developing a self-controlled software object called SafeProtect