A User-Centric Access Control Framework for Cloud Computing

Abstract

A huge amount of data is generated due to the growth of advanced information technology, online availability and easy access to cloud computing. In cloud computing, user can easily store and share their information across the cloud. With the rapid growth of cloud computing, user’s security and privacy has become a serious concern. Despite various existing security mechanisms, enterprises are still afraid of losing their outsourced data and unauthorized access. In most cases, access control mechanism and authorization rule follow a web application. This makes it limited, tightly bound to web application functionality and also doesn’t complete the security requirements for the individual user that results in poor protection against unauthorized access. To overcome the issue of privacy and protection, a suggestion is given in this study to empower the owner of any piece of data and information to protect their resource according to their own semantics. In this thesis, a new approach is presented that externalize access control policy and empower the user to control access on their data according to their semantics and wishes. The proposed framework provides PKI standard base secure access control mechanism and describes the protocol interface between the different components to enforce user-centric access control policy.