Computer Science ›› 2019, Vol. 46 ›› Issue (11): 123-129. doi: 10.11896/jsjkx.190300112

• Information Security •

Research on Broker Based Multicloud Access Control Model

ZHAO Peng¹, WU Li-fa², HONG Zheng¹

  1. College of Command & Control, Army Engineering University of PLA, Nanjing 210007, China
  2. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
  • Received: 2019-03-22 Online: 2019-11-15 Published: 2019-11-14

Abstract: Multicloud is increasingly accepted by industry and has great promotional value and development potential, since it combines cloud resources in a provider-independent way and requires no change to the providers' original technology solutions and operation models. A cloud broker provides transparent service for providers and users, composes the resources of cloud providers on demand, and reduces the difficulty of multicloud collaboration, the risk of vendor lock-in and the cost to cloud users. However, the loss of trust and the heterogeneity of access control policies among cloud providers can easily cause security problems, such as privacy leakage and data loss, and seriously affect the promotion and application of multicloud. Based on factors such as trust, context and SLA, a multicloud access control model (MC-ABAC) is proposed. Firstly, the framework of MC-ABAC is constructed for collaboration in multicloud environments; it consists of the Virtual Resource Manager (VRM), the Access Control Manager (ACM) and the Cloud Access Control Broker (CACB). Secondly, MC-ABAC is designed to achieve trust measurement of cloud providers and authorization management in multicloud. The model defines subject, resource, environment and operation, and formalizes trust, context, SLA and authorization. Thirdly, the workflow of MC-ABAC is designed for accessing multicloud resources from the local provider and from the CACB respectively. Finally, a simulation environment for MC-ABAC is built using CloudSim 4.0 and OpenAZ and used to verify availability, such as the success rate and the response time of requests. The results show that the request success rate of MC-ABAC is about 18% higher than that of ABAC, and that its average response time is better than that of ABAC when MC-ABAC is used normally and the number of requests is large.

Key words: Multicloud, Cloud broker, Access control, Trust management, Service level agreement, Context information

CLC Number: TP393