Access control as a service for the Cloud

• Published in: Journal of internet services and applications Vol. 6; no. 1; p. 1
• Main Authors: Fotiou, Nikos, Machas, Apostolis, Polyzos, George C, Xylomenos, George
• Format: Journal Article
• Language: English
• Published: London Springer London 01.06.2015; Sociedade Brasileira de Computação
• Subjects: Computer Applications; Computer Communication Networks; Computer Science; Computer Systems Organization and Communication Networks; Cross-cloud Computing; Information Systems and Communication Service; IT in Business; Processor Architectures; Authorization; Policies; Security; Authentication; Delegation
• ISSN: 1867-4828; 1869-0238
• DOI: 10.1186/s13174-015-0026-4

Cloud computing has become the focus of attention in the computing industry. However, security concerns still impede the widespread adoption of this technology. Most enterprises are particularly worried about the lack of control over their outsourced data, since the authentication and authorization systems of Cloud providers are generic and they cannot be easily adapted to the requirements of each individual enterprise. An adaptation process requires the creation of complex protocols, often leading to security problems and “lock-in” conditions. In this paper we present the design of a lightweight access control solution that overcomes these problems. With our solution access control is offered as a service by a third trusted party, the Access Control Provider. Access control as a service enhances end-user privacy, eliminates the need for developing complex adaptation protocols, and offers data owners flexibility to switch among Cloud providers, or to use multiple, different Cloud providers concurrently. As a proof of concept, we have implemented and incorporated our solution in the popular open-source Cloud stack OpenStack. Moreover, we have designed and implemented a Web application that enables the incorporation of our solution into Google Drive.