Stochastic programming-based dynamic authorization model for cloud services environments

Due to the complexity of service resources and the dynamics of application requirements in cloud computing, the objects and subjects of access control model constantly change. Consequently, traditional access control models no longer meet the requirements of cloud security. In this paper, a multi-objective decision-making model based on stochastic programming is proposed. By introducing new variables such as risk and utility, we are able to quantify the current state of the cloud environment. Afterwards, we can use this information to select appropriate safety decision variables to compute the model, taking the minimization of risk and the maximization of utility as the goals. The results obtained by solving the model can be used to allow or deny the user´s requests, while considering the dynamic structure of the cloud. In this way, the security of cloud resources can be assured at its core. The experimental results show that, depending on the user requirements and the current cloud environment, solving the model can effectively be used to grant the user the appropriate permissions to access different service resources.