HyARBAC: A New Hybrid Access Control Model for Cloud Computing

Abstract

Cloud computing has been among the most critical digital processes and storage technologies in recent years. Nevertheless, the cloud is faced with data security issues due to its vulnerability to weak access control. Access control guarantees accessing cloud data and resources only to authorized users; unauthorized users are then detected and prevented from retrieving these resources. There have been many models of access control presented and used in the cloud domain, such as Attribute Based Access Control (ABAC) and Role Based Access Control (RBAC); however, these schemes suffered from many limitations, such as their difficulty using contextual information such as time, location of the user, type of device or the use of attributes residing in multiple and disparate locations, leading the performance of such approaches to be extremely low. To deal with these problems, we present a novel model of access control applied to Cloud computing called Hybrid attribute and role-based access control for cloud (HyARBAC). This proposal combines ABAC and RBAC to provide flexible and accurate access control that considers environmental information when controlling access and decreases administrator intervention to manage and control this task. In addition, this model is reinforced by integrating a moving target defense mechanism (MTD), considered an extra layer of security for deterring current and upcoming threats and trying to compromise the original attributes and their corresponding mechanisms of our authorization policies. After an experimental study applied to a healthcare database and comparison against ABAC and RBAC according to several performance features, the effectiveness of HyARBAC was proved to enhance access control.