International Conference on Recent Trends in Engineering & Technology (ICRTET2012) ISBN: 978-81-925922-0-6 142
Policy-based Framework for Access Control in Cloud Computing
Subhash Chandra Patel*, Department of Computer Engineering, Indian Institute of Technology, Banaras Hindu University, Varanasi, India, scpatel.rs.cse@itbhu.ac.in
Lokendra Singh Umrao, Department of Computer Engineering, Indian Institute of Technology, Banaras Hindu University, Varanasi, India, Lokendra.manit@gmail.com
Dr. Ravi Shankar Singh, Department of Computer Engineering, Indian Institute of Technology, Banaras Hindu University, Varanasi, India, ravi.cse@itbhu.ac.in
Abstract: One of the most challenging issues in cloud computing is access control and data security, because users of the cloud outsource their sensitive data and information to the cloud provider's servers, which are not within the same trusted domain as the data owner. Cloud computing is a large-scale distributed computing paradigm based on Web Services over the Internet. The Internet has many inherent security defects because of its openness, and it is also subject to many other attacks and threats. In this paper we propose a framework and the components of a policy-based access control mechanism that is suitable for access control.
Keywords: cloud computing; internet; risks and security
I. INTRODUCTION
Cloud computing is a large-scale distributed computing paradigm that is driven by economies of scale, in which a pool of abstracted, virtualized, dynamically scalable, managed computing power, storage, platforms, and services is delivered on demand to external customers over the Internet [1]. Cloud computing is only a different way to deliver computing resources rather than a new technology; it has brought a revolution in the way organizations provide information and services, and it changes the way we think about technology [2].
The cloud is a computing model providing web-based software, middleware and computing resources on demand, in which services, resources, and applications are provided on a metered basis over the Internet. It is an Internet-based computing solution in which shared resources and services are provided much as electricity is distributed on the electrical grid.
Cloud computing basically provides three types of services. In Software as a Service (SaaS), the cloud service provider provides applications and software over a network; Google Docs [3], Facebook [4], Gmail [5] and Yahoo [5] are examples of SaaS. Platform as a Service (PaaS) provides an application or development platform on which users can create their own applications that will run on the cloud; examples of PaaS are Microsoft's Azure [6], Google's App Engine [7] and Yahoo Pig [8]. The third type of cloud service is Infrastructure as a Service (IaaS), in which the whole cloud infrastructure, including servers, routers, hardware-based load balancing, firewalls, storage and other network equipment, is provided by the IaaS provider, for example Amazon S3 [9] and Amazon EC2 [10].
Cloud computing can be deployed as a public cloud, private cloud, hybrid cloud or community cloud. Public clouds are publicly available and can serve multiple tenants; examples of public clouds are Google App Engine, Microsoft Windows Azure [11], IBM Smart Cloud [12] and Amazon EC2. A private cloud is typically a tailored environment with dedicated virtualized resources for a particular organization; examples of private clouds are Eucalyptus [13], Ubuntu Enterprise Cloud (UEC) [14], Amazon VPC (Virtual Private Cloud) [15], VMware Cloud Infrastructure Suite [16] and Microsoft ECI data center [17]. Similarly, a community cloud is tailored for a particular group of customers; Google Apps for Government and Microsoft Government Community Cloud are examples of community clouds.
A hybrid cloud is composed of multiple clouds; examples are Windows Azure (capable of Hybrid Cloud) and VMware vCloud (Hybrid Cloud Services).
II. LITERATURE REVIEW
To overcome security problems when accessing services or applications, many researchers have presented effective mechanisms and methods for access control. For example, Vibhaj et al. [18] proposed an innovative mechanism to achieve flexible access control during coordinated resource sharing in an enterprise grid environment. The mechanism proposes a new model for users, resources and their relationships, which define coordination and access control. The solution aims to satisfy the demands usually found in enterprise environments with respect to controlled sharing of resources. In addition, Ravi Shankar et al. [19] presented a Key-Chain-Web access control mechanism, which expands the usability of the mechanism in different scenarios. The Key-Chain-Web mechanism is based on three entities: Users (keys), Resources (chains) and Relationships (webs). In addition, chain members representing relationship among users and