CFP last date
22 April 2024
Reseach Article

Securing Data Storage by Extending Role based Access Control

by Mamoon Rashid, Rishma Chawla
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 90 - Number 18
Year of Publication: 2014
Authors: Mamoon Rashid, Rishma Chawla
10.5120/15822-4686

Mamoon Rashid, Rishma Chawla . Securing Data Storage by Extending Role based Access Control. International Journal of Computer Applications. 90, 18 ( March 2014), 28-34. DOI=10.5120/15822-4686

@article{ 10.5120/15822-4686,
author = { Mamoon Rashid, Rishma Chawla },
title = { Securing Data Storage by Extending Role based Access Control },
journal = { International Journal of Computer Applications },
issue_date = { March 2014 },
volume = { 90 },
number = { 18 },
month = { March },
year = { 2014 },
issn = { 0975-8887 },
pages = { 28-34 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume90/number18/15822-4686/ },
doi = { 10.5120/15822-4686 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:11:24.166915+05:30
%A Mamoon Rashid
%A Rishma Chawla
%T Securing Data Storage by Extending Role based Access Control
%J International Journal of Computer Applications
%@ 0975-8887
%V 90
%N 18
%P 28-34
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management and ability to model organizational structure and their capability to reduce administrative expenses. In this paper, we highlight the drawbacks of RBAC models in terms of access control and authorization and later provide a more viable extended-RBAC model, which enhances and extends its powers to make any Cloud Server more secure by adding valuable constraints. Later the Blobs are stored on cloud server which is then accessed by the end users via this Extended RBAC model. We describe a practical implementation of the proposed extended RBAC based architecture and discuss the performance results with its base models. We later show how the users with different premiums can access this architecture in a better way and also how the unknown users for this architecture can be denied the usage of services by adding valuable constraints.

References
  1. I. Foster, Y. Zhao, I. Raicu, and S. Lu, "Cloud computing and grid computing 360-degree compared," Grid Computing Environments Workshop, 2008. GCE'08, 2009, pp. 1-10.
  2. Cloud Security Alliance (CSA). "Security Guidance for Critical Areas of Focus in Cloud Computing V2. 1," (Released December 17, 2009). http://www. cloudsecurityalliance. org/guidance/csaguide. v2. 1. pdf
  3. R. Sandhu. Role hierarchies and constraints for latice-based access controls. " In E. Bertino, H. Kurth, G. Martella, and E Monotolivo Eds. LNCS 1146, Proceedings of the European Symposium on Research in Computer Security 1996, Rome, Italy.
  4. E. Bertino, P. A. Bonati, and E. Ferrari, TRBAC: A temporal role-based access control model," ACM Transactions on Information and System Security, 4(3):191-233, 2001.
  5. K. Devdatta and T. Anand, Context-aware role-based access control in pervasive computing systems," In Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, Estes Park, CO, 2008
  6. Z. Xinwen, O. Sejong, and S. Ravi, PBDM: a exible delegation model in RBAC," In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies, Como, Italy, 2003.
  7. S. Chakraborty and I. Ray, TrustBAC: integrating trust relationships into the RBAC model for access control in open systems," In Proceedings of the 11th ACM Symposium on Access Control Models and Technologies. Lake Tahoe, CA, 2006.
  8. E. Bertino, P. A. Bonati, and E. Ferrari, TRBAC: A temporal role-based access control model," ACM Transactions on Information and System Security, 4(3):191-233, 2001.
  9. H. Shen and F. Hong, A context-aware role-based access control model for web services," In Proceedings of the IEEE International Conference on e-Business Engineering, Beijing, China 2005.
  10. I. Ray and M. Toahchoodee, A spatio temporal role based access control model," In Proceedings of the 21st Annual IFIP WG 11. 3 Working Conference on Data and Applications Security, Redondo Beach, CA, 2007.
  11. I. Ray, M. Kumar, and L. Yu, LRBAC: A location-aware role-based access control model," In Proceedings of the 2nd International Conference on Information Systems Security, Kolkata, India, 2006.
  12. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, Role-Based access control models," IEEE Computer, 29(2):38-47, 1996.
  13. D. Ferraiolo and R. Kuhn. Role-Based Access Control. In Proc. of the NIST-NSA Nat. (USA) Comp. Security Conf. , pp 554-563, 1992
  14. M. Nyanchama and S. Osborn. Access rights administration in role-based security systems. In J. Biskup, M. Morgenstern, and C. E. Landwehr, editors, Database Security, VIII: Status and Prospects, pages 37-56. North-Holland, 1994.
  15. D. Ferraiolo, J. Cugini, and R. Kuhn. Role-based access control: Features and motivations. In Proc. of the Annual Computer Security Applications Conf. , IEEE Press, 1995.
  16. L. Giuri and P. Iglio. A formal model for role based access control with constraints. In proc. of the Computer Security Foundations Workshop, pp. 136-145. IEEE Press, 1996.
  17. R Sandhu, E. Coyne, H. Feinstein, and C. Youman. Role-based access control models. IEEE Computer, 29(2), February 1996.
  18. D. Ferraiolo, D. Gilbert, and N. Lynch. An examination of federal and commercial access control policy needs. In Proc. of the NIST-NSA Nat. (USA) Comp. Security Conf. , pp 107-116, 1993
  19. C. Smith, E. Coyne, C. Youman and S. Ganta. Market analysis report: NIST small business innovative research (SBIR) grant: role based access control: phase 2. A marketing survey of civil federal government organizations to determine the need for role-based access control security product, SETA Corp. , July 1996.
  20. D. Ferraiolo, J. Barkley, and R. Kuhn. A role-based access control model and reference implementation within a corporate internet. ACM Transactions on Information and System Security, 2(1), 1999.
  21. H. Feinstein. Final report: NIST small business innovative research (SBIR) grant: role based access control: phase 2. SETA Corp. , October 1996.
  22. Microsoft Azure Documentation support onhttp://www. windowsazure. com/enus/develop/net/how-to-guides/blob-storage/
Index Terms

Computer Science
Information Sciences

Keywords

Authorization RBAC Blobs Server Architecture