An access control model for cloud computing

Younis A. Younis*, Kashif Kifayat, Madjid Merabti

School of Computing and Mathematical Sciences, Liverpool John Moores University, Liverpool L3 3AF, UK

Keywords: Cloud computing; Cloud computing security; Access control models; Task-Role Based Access Control; Cloud based access control model

Abstract

Cloud computing is considered one of the most dominant paradigms in the Information Technology (IT) industry these days. It offers new cost-effective services on demand, such as Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). However, with all of these services promising facilities and benefits, there are still a number of challenges associated with utilizing cloud computing, such as data security, abuse of cloud services, malicious insiders and cyber-attacks. Among all security requirements of cloud computing, access control is one of the fundamental requirements in order to avoid unauthorized access to systems and protect organizations' assets. Although various access control models and policies, such as Mandatory Access Control (MAC) and Role Based Access Control (RBAC), have been developed for different environments, these models may not fulfil cloud’s access control requirements. This is because cloud computing has a diverse set of users with different sets of security requirements. It also has unique security challenges such as multi-tenant hosting and heterogeneity of security policies, rules and domains. This paper presents a detailed access control requirement analysis for cloud computing and identifies important gaps, which are not fulfilled by conventional access control models. This paper also proposes an access control model to meet the identified cloud access control requirements.
We believe that the proposed model can not only ensure the secure sharing of resources among potentially untrusted tenants, but also has the capacity to support different access permissions for the same cloud user and gives him/her the ability to use multiple services securely.

© 2014 Elsevier Ltd. All rights reserved.

1. Introduction

Cloud computing is an open standard model, which can enable ubiquitous computing and offer on-demand network access to a shared pool of configurable computing resources. It is Internet-centric and provides all of its resources as services such as storage, computation and communication. Cloud computing is a unique combination of capabilities and innovation technologies. It needs minimal management effort from service providers (Mell and Grance, 2011) and delivers scalable and dynamic infrastructure, global/remote access and usage control and pricing. Almost three-fourths of 572 surveyed business leaders indicate that their companies have piloted, adopted or considerably implemented cloud computing in their organizations, and 90% expect to have done so in the next three years. Moreover, those companies who have substantially implemented cloud computing are expected to grow from 13% to 41% within the next three years (Berman and Kesterson-Townes, 2012).

Security is one of the primary concerns and a major barrier to adopting cloud computing. Cloud computing may suffer from conventional distributed systems’ security attacks such as

* Corresponding author. E-mail addresses: Y.A.-Younis@2012.ljmu.ac.uk, younis_amy@yahoo.com (Y. A. Younis).
Journal of Information Security and Applications 19 (2014) 45-60
http://dx.doi.org/10.1016/j.jisa.2014.04.003