Enhancing highly-collaborative access control system using a new role-mapping algorithm

Doaa Abdelfattah, Hesham A. Hassan, Fatma A. Omara

Abstract


The collaboration among different organizations is considered one of the main benefits of moving applications and services to a cloud computing environment. Unfortunately, this collaboration raises many challenges such as the access of sensitive resources by unauthorized people. Usually, role based access-control (RBAC) Model is deployed in large organizations. The work in this paper is mainly considering the authorization scalability problem, which comes out due to the increase of shared resources and/or the number of collaborating organizations in the same cloud environment. Therefore, this paper proposes replacing the cross-domain RBAC rules with role-to-role (RTR) mapping rules among all organizations. The RTR mapping rules are generated using a newly proposed role-mapping algorithm. A comparative study has been performed to evaluate the performance of the proposed algorithm with concerning the rule-store size and the authorization response time. According to the results, it is found that the proposed algorithm achieves more saving in the number of stored role-mapping rules which minimizes the rule-store size and reduces the authorization response time. Additionally, the RTR model using the proposed algorithm has been implemented by applying a concurrent approach to achieve more saving in the authorization response time. Therefore, it would be suitable in highly-collaborative cloud environments

Keywords


authorization; cloud computing; role based access control; role-mapping; security;

Full Text:

PDF


DOI: http://doi.org/10.11591/ijece.v12i3.pp2765-2782

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

International Journal of Electrical and Computer Engineering (IJECE)
p-ISSN 2088-8708, e-ISSN 2722-2578

This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).