Author:
Hussain Sadia,Islam M. Hasan,Abbas Haider
Abstract
Security in Cloud is one of the most foremost and critical feature, which can ensure the confidence of the Scientific community on Cloud environment. With the dynamic and ever changing nature of the Cloud computing environment, static access control models become obsolete. Hence, dynamic access control models are required, which is still an emergent and underdeveloped domain in Cloud security. These models utilize not only access policies but also contextual and real-time information to determine the access decision. Out of these dynamic models the Risk-based Access control model, estimates the security risk value related to the access request dynamically to determine the access decision. The exclusive working pattern of this access control model makes it an excellent choice for dynamically changing environment that rules the cloud’s environment. This paper provides a systematic literature appraisal and evaluation of risk-based access control models to provide a detailed understanding of the topic. The contributions of selected articles have been summarized. The security risks in cloud environment have been reviewed, taking in the account of both Cloud Service Provider and Cloud Customer perspectives. Additionally, risk factors used to build the risk-based access control model were extracted and analyzed. Finally, the risk estimation techniques used to evaluate the risks of access control operations have also been identified.
Publisher
Academy and Industry Research Collaboration Center (AIRCC)
Reference46 articles.
1. [1] Mell, P. and Grance, T.: The NIST definition of cloud computing (2011).
2. [2] GözdeKarataş and AkhanAkbulut, Survey on Access Control Mechanisms in Cloud Computing, Journal of Cyber Security and Mobility, Vol: 7 Issue: 3, Published In: July 2018, doi: https://doi.org/10.13052/jcsm2245-1439.731.
3. [3] Mayank Raj, Mario Di Franscesco , Sajal K. Das,Secure Mobile Cloud Computing, in Handbook on Securing Cyber-Physical Critical Infrastructure, 2012.
4. [4] Clavister. Security in the Cloud. 2009. http://www.itwire.nu/members/cla69/attachments/CLA_WP_SECURITY_IN_THE_CLOUD.pdf.
5. [5] Data Security and Privacy Protection Issues in Cloud Computing, Deyan Chen, Hong Zhao, Published in International Conference on Computer Science and Electronics Engineering, 2012, DOI:10.1109/ICCSEE.2012.193