KTH-SEECS Applied Information Security Lab

National University of Sciences and Technology (NUST)

Self-Adaptive Access Control Delegation in Cloud Computing

Domain: Access Control, Cloud Computing Security

Status: Active

Contact Person(s): Ali Ahmed Malik, Awais Shibli

In a dynamic cloud-computing environment, many different Cloud Service Providers (CSPs) have to establish trusted relationships with each other at runtime in order to use each other’s resources. Through such a relationship, end users can not only use the resources of other trusted CSPs, but can also delegate access control to end users of other CSPs. Many frameworks and models exist to assist in delegating access control, but none of them handle uncertainty.

We have proposed a self-adaptive framework that caters for unprecedented conditions, i.e., conditions or situations that were not identified at the time of requirements engineering. For example, our framework uses a risk score for each user, on the basis of which the user may or may not be delegated access. Frameworks proposed in the literature handle only a certain pre-defined range of risk scores and either permit or deny access delegation. Our framework is self-adaptive: it also caters for a risk score that was not defined at requirements engineering time. Based on user history and other situational factors, it adapts to this new risk score and then decides whether or not to allow access delegation.
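
The contrast described above, as an added illustration that is not the project's own code. The 0-100 risk scale, the band boundaries, the `Context` fields, the threshold and the adjustment formula are all assumptions chosen for the example.

```python
from dataclasses import dataclass, field

# Constructed bands, standing in for what was fixed at requirements time.
# Scores 30-69 were never specified (assumed gap).
DEFINED_BANDS = [(0, 30, "permit"), (70, 101, "deny")]

@dataclass
class Context:
    past_delegations: int   # delegations this user has held before
    past_violations: int    # of those, how many were misused or revoked
    csp_trusted: bool       # situational factor: peer CSP trust is current

def static_decision(risk):
    """Pre-defined policy: returns None for a score no band covers."""
    for lo, hi, verdict in DEFINED_BANDS:
        if lo <= risk < hi:
            return verdict
    return None

@dataclass
class AdaptivePolicy:
    threshold: float = 50.0                     # assumed cut-off for adjusted risk
    audit: list = field(default_factory=list)   # every adaptation is recorded

    def decide(self, risk, ctx):
        verdict = static_decision(risk)
        if verdict is not None:
            return verdict                      # foreseen score: static rule applies
        # Unforeseen score: decide from user history and situational factors.
        no_evidence = ctx.past_delegations == 0 or not ctx.csp_trusted
        if no_evidence or not 0 <= risk <= 100:
            verdict = "deny"                    # nothing to adapt from: fail closed
        else:
            violation_rate = ctx.past_violations / ctx.past_delegations
            adjusted = risk * (1 + violation_rate)
            verdict = "permit" if adjusted < self.threshold else "deny"
        self.audit.append((risk, verdict))      # trail for later review
        return verdict

if __name__ == "__main__":
    policy = AdaptivePolicy()
    print(static_decision(45))                          # static policy has no answer
    print(policy.decide(45, Context(20, 0, True)))      # clean history
    print(policy.decide(45, Context(20, 5, True)))      # history of misuse
    print(policy.audit)
```

Recording each adaptive decision in `audit` keeps decisions made outside the pre-defined bands reviewable.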