Optimizing Access Control Performance for the Cloud

Slim Trabelsi, Adrien Ecuyer, Paul Cervera Y Alvarez, Francesco Di Cerbo

Abstract

Cloud computing is synonym for high performance computing. It offers a very scalable infrastructure for the deployment of an arbitrarily high number of systems and services and to manage them without impacts on their performance. As for traditional systems, also such a wide distributed infrastructure needs to fulfil basic security requirements, like to restrict access to its resources, thus requiring authorization and access control mechanisms. Cloud providers still rely on traditional authorization and access control systems, however in some critical cases such solutions can lead to performance issues. The more complex is the access control structure (many authorization levels, many users and resources to protect); the slower is the enforcement of access control policies. In this paper we present a performance study on these traditional access control mechanisms like XACML, which computes the overhead generated by the authorizations checking process in extreme usage conditions. Therefore, we propose a new approach to make access control systems more scalable and suitable for cloud computing high performance requirements. This approach is based on a high speed caching access control tree that accelerates the decision making process without impacting on the consistency of the rules. Finally, by comparing the performance test results obtained by our solution to a traditional XACML access control system, we demonstrate that the ACT in-memory approach is more suitable for Cloud infrastructures by offering a scalable and high speed AC solution.

References

  1. Z. Tang, J. Wei, A. Sallam, K. Li, R. Li, “ A New RBAC Based Access Control Model for Cloud Computing”, 7th International Conference, GPC 2012, Hong Kong, China, May 11-13, 2012. Proceedings, pp 279-288
  2. J. J. Bascou L. Gallon A. Gabillon, M. Munier and E. Bruno, « An access control model for tree data structures”. In ISC 7802 Proceedings of the 5th International Conf. on Information Security, 2002.
  3. A. W. Leung, E. L. Miller, and S. Jones. Scalable security for petascale parallel file systems. In SC 7807: Proceedings of the 2007 ACM/IEEE conference on Supercomputing, pages 1-12, New York, NY, USA, 2007. ACM. ISBN 978-1-59593-764-3. doi: http://doi.acm.org/10.1145/1362622.1362644.
  4. Z. Niu, H. Jiang, K. Zhou, T. Yang, and W. Yan. Identification and authentication in large-scale storage systems. Networking, Architecture, and Storage, International Conference on, 0:421-427, 2009.
  5. J. Hwang A.X. Liu, F. Chen and T. Xie. Designing fast and scalable xacml policy evaluation engines. IEEE Transactions on Computers, Dec 2011.
  6. A. Squicciarini S. Maruf, M. Shehab and S. Sundareswaran. Adaptive reordering and clustering based framework for efficient xacml policy evaluation. IEEE Transactions on Services Computing, Oct-Dec 2011.
  7. J. Daly J. Brown and A. Gregory. The xengine policy decision point for xacml 3.0. Computer security project in Department of Computer Sciences at the Michigan State University, 26 Oct 2011.
  8. Popa, Lucian, Minlan Yu, Steven Y. Ko, Sylvia Ratnasamy, and Ion Stoica. "CloudPolice: taking access control out of the network." In Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, p. 7. ACM, 2010.
  9. Punithasurya K and Jeba Priya S. Article: Analysis of Different Access Control Mechanism in Cloud. International Journal of Applied Information Systems 4(2):34-39, September 2012. Published by Foundation of Computer Science, New York, USA.
  10. C.K. K. Reddy, P.R Anisha, K.S. Reddy, S.S. Reddy, “Third Party Data Protection Applied To Cloud and Xacml Implementation in the Hadoop Environment With Sparql”, IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278 - 0661 Volume 2, Issue 1 (July - Aug. 2012), PP 39 - 46
  11. Reeja S L, “Role Based Access Control Mechanism in Cloud Computing using co-operative secondary authorization Recycling Method”, 2012. International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN pp. 2250-2459, Volume 2, Issue 10, October 2012)
  12. Amazon Simple Storage Service (Amazon S3). Amazon, b. http://aws.amazon.com/s3/.
  13. Atmos Online Programmer's Guide. EMC, a. https:// community.emc.com/docs/DOC-3481, accessed Jan 12, 2010.
  14. D. Harnik, E. K. Kolodner, S. Ronen, J. Sataran, A. Shulman-Peleg, S. Tal,”Secure Access Mechanism for Cloud Storage”, Journal of Scalable Computing: Practice and Experience Volume 12, Number 3, pp. 317-336. http://www.scpe.org
  15. Plattner, H. "A common database approach for OLTP and OLAP using an in-memory column database." Proceedings of the 2009 ACM SIGMOD International Conference on Management of data. ACM, 2009.
Download


Paper Citation


in Harvard Style

Trabelsi S., Ecuyer A., Cervera Y Alvarez P. and Di Cerbo F. (2014). Optimizing Access Control Performance for the Cloud . In Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-019-2, pages 551-558. DOI: 10.5220/0004854005510558


in Bibtex Style

@conference{closer14,
author={Slim Trabelsi and Adrien Ecuyer and Paul Cervera Y Alvarez and Francesco Di Cerbo},
title={Optimizing Access Control Performance for the Cloud},
booktitle={Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2014},
pages={551-558},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004854005510558},
isbn={978-989-758-019-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - Optimizing Access Control Performance for the Cloud
SN - 978-989-758-019-2
AU - Trabelsi S.
AU - Ecuyer A.
AU - Cervera Y Alvarez P.
AU - Di Cerbo F.
PY - 2014
SP - 551
EP - 558
DO - 10.5220/0004854005510558