Towards Semantic-Enhanced Attribute-Based Access Control for Cloud Services

Enterprises are adopting new business and IT models due to the growing trend of elastically scalable cloud- based collaboration services. However, enterprises are not fully embracing them because they do not want to expose their sensitive information to the cloud when someone collaborating with someone. Therefore, the paper proposes a semantic enhanced attribute-based access manager as a gatekeeper for cloud-based services so that authoritative service access can be achieved. The paper use universal resource identifier for attribute representation. The core of the approach is an access manager, which does not only providing a globally accessible attributes but also managing the entire service access decision process. Furthermore, we propose a rule-based representation scheme to represent service access policies, using a logic-based reasoning mechanism. In order to analyze the feasibility of the proposed approach, we select a cloud-based collaboration scenario and present the prototype implementation of it.