Access control in probative value cloud

Abstract

Access Control over large scale distributed system like Cloud computing are one of the most debated topics of computer security. Despite the common use and the popularity of the Cloud computing paradigm, significant risks and challenges are inherent to this new concept, especially when we talk about storage of sensitive data via insecure network. In this paper we look at the problem of protecting data from unauthorized access to the Cloud in the context of gSafe (government Safe) project. Indeed, gSafe project defines essential basic units for a probative storage Cloud. The cornerstone of the efficient cloud security architecture is a well-written access control policy. In today's information technology, many models of access control have been proposed like the Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC) and the latest one Usage Control Authorization, oBligation and Condition (UCONABc). In this paper we use six entities proposed in the UCONABC: Object, Subject, Right, Authorization, oBligation and Condition to model the access control management in the gSafe project. Then we present the XML scheme containing metadata for stored files and users' access authorizations. The proposed solution is validated and implemented over Hadoop distributed file system.