B. Srinivasa Rao, Int. Journal of Engineering Research and Applications, www.ijera.com
ISSN: 2248-9622, Vol. 6, Issue 2, (Part -6) February 2016, pp.36-44

A Framework for Predicate Based Access Control Policies in Infrastructure as a Service Cloud

B. Srinivasa Rao*, Dr. G. Appa Rao**
*(Department of Computer Science & Engineering, GITAM University, Visakhapatnam - 45)
**(Department of Computer Science & Engineering, GITAM University, Visakhapatnam - 45)

ABSTRACT

Infrastructure as a Service (IaaS) is the service with which enterprise IT is integrated for on-demand services. The different deployment models of cloud make it more flexible still, so that it can meet the requirements of users. As customers' policies are not the same, a Cloud Service Provider (CSP) needs a flexible architecture to accommodate the varied requirements of customers with respect to access control. The existing access control models such as Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC) have limitations. The combination of RBAC and ABAC also could not offer fine-grained access control. We also studied the RBAC model offered by OpenStack and found that it has limitations in catering to the diversified needs of customers. A one-size-fits-all policy cannot provide flexible access control for the aforementioned reason. Therefore a more flexible access control model is required. In this paper we proposed a framework with Predicate Based Access Control (PBAC) in general and then implemented it in OpenStack. Our empirical results revealed that the proposed framework can improve granularity through a fine-grained access control mechanism. Though our framework is at a primitive stage, it represents a significant step forward in access control policies for IaaS clouds.

Keywords - Authorization, predicate based access control, Infrastructure as a Service, OpenStack, fine-grained access control

I. INTRODUCTION

Cloud computing has changed the way IT assets are maintained and used by enterprises. As a new computing paradigm, the cloud is able to serve organizations and individuals with a huge pool of shared computing resources. Such resources can be accessed in a pay-per-use fashion. There are many services being offered by the cloud. The three important services are Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). Out of these services, IaaS is the widely used service, providing storage and other infrastructure services on demand.

The functional aspects of IaaS in the cloud have been maturing. However, the security and access control mechanisms are yet to be improved further. For cloud users, security has been a concern as the data is outsourced to remote servers that are treated as untrusted. Another reason for this is that the data of a cloud user is not maintained in the local system and there is no mature interoperability between cloud service providers. In the case of outsourcing IT infrastructure there are many challenges to be addressed.

In the cloud computing scenario access control is inevitable. The infrastructure-related resources concerned, such as those in IaaS, are Virtual Machines (VM), networks and storage. With traditional computing resources there are means to have controlled access to resources. Policies can be established, and personnel stick to the policies while gaining access to the resources. However, in the case of an IaaS cloud the resources are virtual and remote in nature. The access control policies for these are very different from those of the physical world. The major issues include the fact that the policies of enterprises with in-house resources cannot be directly used in a cloud computing environment, as the resources are not owned by them. Different users want to have their own access control policies. Therefore keeping all of them built into the cloud infrastructure is not practically feasible.
A flexible and feasible access control framework is therefore desirable in the cloud computing environment. The present role based access control mechanisms, and the extended role based access control mechanisms with attributes, result in the issues mentioned above. More fine-grained access control is required in order to safeguard IaaS resources.

Table 1 – Acronyms used

| Acronym | Description |
|---------|-------------|
| IaaS | Infrastructure as a Service |
| RCFO | Runtime Control Flow Obfuscation |
| RBAC | Role Based Access Control |
| MAC | Mandatory Access Control |
| DAC | Discretionary Access Control |
| DRM | Digital Rights Management |
| TM | Trust Management |
| XACML | eXtensible Access Control Mark-up Language |
| RDA | Remote Data Auditing |
| MCC | Mobile Cloud Computing |
| HPC | High Performance Computing |

RESEARCH ARTICLE, OPEN ACCESS