AR-ABAC: A New Attribute Based Access Control Model Supporting Attribute-Rules for Cloud Computing

One of the most important challenges that have threatened cloud computing and caused its slow adoption is security. Since clouds have diverse groups of users with different sets of security requirements, restricting the users´ accesses and protecting information from unauthorized accesses have become the most difficult tasks. To address these critical challenges, in this paper we first formalize Attribute Based Access Control (ABAC) and propose a new access control model, called Attribute-Rule ABAC (AR-ABAC), for cloud computing to meet critical access control requirements in clouds. Our model supports the attribute-rules that deal with the association between users and objects, as well as the capability for accessing objects based on their sensitivity levels. The attribute-rules specify an agreement that determines what kind of attributes should be used and the number of attributes considered for making access decisions. In addition, our model ensures secure resource sharing among potential untrusted tenants and supports different access permissions to the same user at the same session.