Improvement of role-based access control model in private cloud environments
Currently, cloud technologies are gaining in popularity. This is due to the rapid development of the Internet and related technologies. Currently, there are several types of clouds - generic, public, private and hybrid, each performing different tasks and meeting different requirements. Usually, org...
| Date: | 2019 |
|---|---|
| Main Authors: | Volynets, O. Yu.; Kulish, D. V.; Pryimak, A. V.; Yaremchuk, Ya. Yu. |
| Format: | Article |
| Language: | Ukrainian |
| Published: | Інститут проблем реєстрації інформації НАН України, 2019 |
| Subjects: | |
| Online Access: | http://drsp.ipri.kiev.ua/article/view/199370 |
| Journal Title: | Data Recording, Storage & Processing |
Institution: Data Recording, Storage & Processing

| id |
drspiprikievua-article-199370 |
|---|---|
| record_format |
ojs |
| spelling |
drspiprikievua-article-199370 2020-03-31T09:05:06Z
Improvement of role-based access control model in private cloud environments
Удосконалення моделі керування доступом на основі ролей у приватних хмарних середовищах
Volynets, O. Yu. Kulish, D. V. Pryimak, A. V. Yaremchuk, Ya. Yu.
захист інформації приватні хмарні середовища моделі керування доступом ролі information security private cloud environments access control models roles
Cloud technologies are gaining in popularity, owing to the rapid development of the Internet and related technologies. There are currently several types of clouds (generic, public, private and hybrid), each performing different tasks and meeting different requirements. Organizations usually prefer to use a private cloud. As multiple organization units can be stored in one cloud, the issue of access control and data security is very important. An analysis and comparison of the most common and well-known modifications of the RBAC model (MT-RBAC, CAACM, GEO-RBAC, SAT-RBAC and ABAC) showed that the correctness of granting access is between 72 % and 96 %; in addition, they have essential disadvantages such as low configuration flexibility, the need to pre-define the access policy and, when the policy is modified, the need to modify the product itself. The possibility of improving the RBAC authorization model has been investigated, and an expression-based (conditional) authorization model has been proposed that consists of 9 steps and dynamically determines access to a resource or operation depending on the current configuration. The flexibility is achieved by using expressions (sets of certain conditions) that can be modified while the application is running. Expressions can be combined with each other, allowing one to form any combination depending on the needs of the enterprise. This makes the security more robust and the authorization process more flexible and open to modification. Each user is assigned a set of parameters, and each operation or resource is assigned a set of expressions. During authorization, user data is used as an expression parameter, and access is granted when it meets all the requirements. The proposed model was tested in Joyent's private cloud infrastructure, and the obtained results were on average 11% higher than the MT-RBAC model, 7.5% higher than CAACM, 11.5% higher than GEO-RBAC, and 1.5% and 8% higher than the SAT-RBAC and ABAC models respectively, which confirms its high accuracy, reliability and superiority over its competitors. Tabl.: 2. Fig.: 4. Refs: 9 titles.
A hybrid authorization model based on expressions and RBAC has been developed; it consists of 9 steps and dynamically decides on access to a resource or operation depending on the current configuration. The proposed model has also been compared with existing ones. The results showed that the proposed model has a higher coefficient of correctness of granting access to the user, by 1.5–11.5 % on average.
Інститут проблем реєстрації інформації НАН України 2019-12-24 Article Article application/pdf http://drsp.ipri.kiev.ua/article/view/199370 10.35681/1560-9189.2019.21.4.199370
Data Recording, Storage & Processing; Vol. 21 No. 4 (2019); 49-57
Регистрация, хранение и обработка данных; Том 21 № 4 (2019); 49-57
Реєстрація, зберігання і обробка даних; Том 21 № 4 (2019); 49-57
1560-9189 uk http://drsp.ipri.kiev.ua/article/view/199370/199724 Copyright (c) 2021 Реєстрація, зберігання і обробка даних |
| institution |
Data Recording, Storage & Processing |
| baseUrl_str |
|
| datestamp_date |
2020-03-31T09:05:06Z |
| collection |
OJS |
| language |
Ukrainian |
| topic |
information security private cloud environments access control models roles |
| spellingShingle |
information security private cloud environments access control models roles Volynets, O. Yu. Kulish, D. V. Pryimak, A. V. Yaremchuk, Ya. Yu. Improvement of role-based access control model in private cloud environments |
| topic_facet |
захист інформації приватні хмарні середовища моделі керування доступом ролі information security private cloud environments access control models roles |
| format |
Article |
| author |
Volynets, O. Yu. Kulish, D. V. Pryimak, A. V. Yaremchuk, Ya. Yu. |
| author_facet |
Volynets, O. Yu. Kulish, D. V. Pryimak, A. V. Yaremchuk, Ya. Yu. |
| author_sort |
Volynets, O. Yu. |
| title |
Improvement of role-based access control model in private cloud environments |
| title_alt |
Удосконалення моделі керування доступом на основі ролей у приватних хмарних середовищах |
| publisher |
Інститут проблем реєстрації інформації НАН України |
| publishDate |
2019 |
| url |
http://drsp.ipri.kiev.ua/article/view/199370 |
| first_indexed |
2025-07-17T10:57:48Z |
| last_indexed |
2025-07-17T10:57:48Z |
| _version_ |
1850411412237582336 |