Received: 23 March 2018 Revised: 21 May 2018 Accepted: 29 May 2018 DOI: 10.1002/ett.3458 RESEARCH ARTICLE A scalable multilabel-based access control as a service for the cloud (SMBACaaS) P. Chinnasamy P. Deepalakshmi Department of Computer Science and Engineering, School of Computing, Kalasalingam Academy of Research and Education, Krishnankoil-626 126, India Correspondence P. Chinnasamy, Department of Computer Science and Engineering, School of Computing, Kalasalingam Academy of Research and Education, Krishnankoil-626 126, India. Email: chinnasamyponnusamy@gmail.com; deepa.kumar@klu.ac.in Abstract Cloud computing is a shared pool area of computing resources, which might be accessed from anywhere and simply by just about anyone. The cloud's invaluable features, such as data availability and reduced hardware costs, have corporations moving their records into it en masse. Still, concerns about data security remain unaddressed because all data are managed and stored by third-party service providers in a pay-as-you-go model. The fundamental problem faced by enter- prizes is trustworthy access control, which is normally used to protect resources from unauthorized user accessibility. In this paper, we introduce a new solu- tion to overcome access control problems by implementing a multilabel-based scalable access control as a service for the cloud. The proposed access control can be offered as a cloud service such as Software as a Service, Infrastructure as a Service, and Platform as a Service. These access services are provided by the trusted third party, named the access control provider. From our results and comparative studies with Google Drive, Amazon S3, and OpenStack Swift, our model using the multilabel feature has demonstrated that it is able to enhance consumer privacy, improve access policy protection, and reinforce data security. 1 INTRODUCTION Cloud-based virtualization, utility computing, distributed computing, and service-oriented architecture are forms of web-based computing. They provide computing as a fifth power, following closely after the other four power resources: water, gas, electricity, and the mobile phone. 1 The primary advantages of the cloud include reduced hardware costs, no software installation, no software updating, scalability, security, availability, and so on. It offers different service-oriented models including Software as a Service (SaaS), Platform as a Service, and Infrastructure as a Service. 1 A number of com- mercial clouds have been built for different service models. Gmail, Google Docs, and Zoho Work Online are examples of SaaS systems, whereas Amazon Web Services, Rackspace, and IBM Blue Cloud are IaaS systems and Google App Engine 1-4 and Windows Azure represent PaaS systems. Thanks to these features, enterprize users need not invest in hard- ware, as well as software systems, or even appoint professionals to handle them. Computing services are also available in a pay-as-you-use method. 1,3,4 With cloud storage, storage service providers provide data owners scalable and variable savings in terms of both cost and security. Google Drive, Dropbox, OneDrive, and iCloud are famous storage services offered by assorted cloud providers (CPs). In general, sensitive information comprising medical data, military information, genome datasets, and govern- ment datasets are stored in a cloud. People typically assume that encoding provides complete security resolution in a cloud. However, encoding is simply one layer of enterprize security, though it is a major element of cloud storage security. Trans Emerging Tel Tech. 2018;e3458. wileyonlinelibrary.com/journal/ett © 2018 John Wiley & Sons, Ltd. 1 of 18 https://doi.org/10.1002/ett.3458