Enhanced Access Control Mechanism for Cloud Services Using Trust Based Fuzzy Logic


Academic year: 2022


J. Persis Jessintha¹, Dr. R. Anbuselvi²

¹Assistant Professor, ²Associate Professor, Department of Computer Science, Bishop Heber College, Tiruchirapalli, India

¹[email protected], ²[email protected]

Abstract: The problem of secure access control towards cloud services is considered. A number of approaches have been presented by different researchers, using different measures and methods. But these methods struggle to achieve the required performance in restricting the user from malicious access. To improve the performance of the cloud and its services, an enhanced trust with fuzzy logic approach is discussed in this paper. The ETFL (Enhanced Trust Fuzzy Logic) algorithm maintains the trace of service access in the access log, which contains much information about the service accesses and their states. From the access log, the method generates the fuzzy rules based on the services accessed and their state. This is performed over the accesses of various users, and using them a trust weight is computed based on the service history of the specific user. Based on the computed trust weight, the user is restricted from accessing the service. The method improves access control efficiency and also reduces the false rate.

Keywords: Cloud Security, Access Control, Cloud Services, Trust Based Access, Fuzzy Logic.

I. INTRODUCTION

Modern information technology has opened the gate for the activities of any organization or individual to be executed from their own location. This is achieved by accessing the services provided.

Most organizations maintain their information in a cloud, which is highly costly. They allow their employees or users to access the data available in the cloud through certain services. The services perform the background tasks of the required process to fulfill the user request. As the cloud maintains various information of the organization, it may contain sensitive or secret information belonging to the organization or an individual. Such secret information has to be safeguarded from malicious access.

Cloud security is the major issue considered in this decade [1]. This is because of the loosely coupled nature of the cloud. The cloud is an environment where the service provider does not know anything about the user who accesses the service. This makes it possible for a malicious user to perform illegal activities in the cloud.

This calls into question the security of the organization's data available in the cloud. There are many incidents of malicious attacks produced by registered users. So cloud security has to be enhanced to achieve efficient performance.

Cloud security has been implemented using different methods at the service level and the data level [2].

Cloud services are provided at different levels, from SaaS (Software as a Service) to IaaS (Infrastructure as a Service). At all levels, there are services provided by the service provider. Towards the security of cloud services, different approaches have been discussed earlier. The basic approach is a password or key based approach. Key based approaches use a different key for each user, and the user is authenticated using the key [6]. When a malicious user gets the key of another user, he can still perform malicious activity over the cloud resources. Further, role based approaches have been discussed, which restrict the user based on their role. The method maintains a taxonomy which contains the list of roles and the list of services allocated to them. Based on the role of the user, the system restricts the user.

Attribute level access restriction methods are also available in the literature. They restrict the user at the attribute level based on the grants available to the user.

But there will be services which are allowed to the user while the attributes accessed by the service are not granted to the user. In this case, the system struggles to perform access restriction in an efficient manner. All these issues call for a strategic approach to improve cloud security. In recent days, trust based approaches [1][2][3] are emerging, where the trust is computed not only based on the taxonomy but also on the access history of the user. However, the user may access the same service many times without necessarily having completed all the stages. So there will be service accesses with an incomplete status. This paper considers such logs and presents a trust based fuzzy logic algorithm. The fuzzy rules are generated from the access log of the users and can be used to perform access restriction by computing the trust weight. The detailed approach is discussed in the next sections.

II. LITERATURE SURVEY

In paper [5], various mechanisms for establishing trust are discussed and, to focus on the limitations, trust mechanisms based on reputation and attribute certification are made. According to [6], the main focus is on user satisfaction. To enhance this, a client-end based threshold security mechanism with a Graded-Attribute based solution is used. [7] proposed a trust model to ensure reliable file exchange among users in a private cloud. In paper [8], the importance of gaining the client's trust in the service provider is discussed in various dimensions, and an idea to improve users' trust to store sensitive data in third-party storage is also discussed. [13] describes a method that includes trust based access control and fuzzy expert systems to enhance human computation for calculating working ability with respect to experience. In paper [18], authorization is improved by using fuzzy logic based trust calculation. Paper [22] discusses a predicate based access control mechanism and also deals with calculating trust based on predicates.

III. PROPOSED ENHANCED TRUST CALCULATION WITH FUZZY LOGIC

Consider that there exist N services in the cloud, which access the data present in the cloud and which can be accessed by k users. However, not every user ki has access to all the services. The access trace is present in the access log Al. Based on the access log and the taxonomy, restricting the illegal access Il from the user Kj is the problem here. To restrict the user Kj, the trust weight has to be computed using the other users' access history and fuzzy rules.

The fuzzy rules have to be generated based on the access log, and the trust weight has to be measured for the user based on them.

A. Fuzzy Rule Generation:

The fuzzy rule has different features, and for each feature there is a range value. In this approach, the services have different levels like access, update, delete.

For each category, there is a range value to represent the rule. To generate the rule for a specific service, the access log Al is used.

Consider that the access log Al has N traces, where each trace Ti represents the access of a service Si made by the user Ui. Similarly, each service has two states, namely complete and incomplete. The service state ends with a complete status when the service is executed and finished successfully; otherwise it ends with an incomplete status. By identifying the logs for a specific service and its related types, the logs can be split. Using the identified logs, the total number of accesses of each can be estimated using the formulae below.

Service set:

$$Ss = \mathit{service} \cup \mathit{Service}(s_i) \tag{1}$$

Here si refers to the service being requested and Service(si) refers to the related service.

From the logs available, the logs related to the service set Ss are separated as follows.

Service log:

$$Sl = Sl \cup Al(i) \ \text{ if } \ Al(i).\mathit{service} \in Ss, \quad i = 1, \dots, \mathit{size}(Al) \tag{2}$$

Now for each type of service sk, the fuzzy value is computed as follows.

The minimum and maximum values are computed based on the access in each time window. First the log is split into a number of time windows.

Time window log:

$$Tl = \{\, Sl(j) : Sl(j).\mathit{Time} == i \,\}, \quad i = 1, \dots, Nt \tag{3}$$

Now for each time window, the number of times the service is accessed is computed based on the following equation.

Number of service accesses:

$$Nsa = \mathit{size}(Tl.\mathit{TimeWindow}) \tag{4}$$

Number of successful completions:

$$Nsc = \sum_{i=1}^{\mathit{size}(Tl.\mathit{Time})} \big[\, Tl.\mathit{Time}(i).\mathit{Status} == \mathit{Success} \,\big] \tag{5}$$

Now, in total, to generate a rule:

Compute the minimum service access value:

$$\text{Min-Access} = \mathrm{Min}(Nsa \ \forall\, Nsa \ \forall\, \mathit{Timewindow}) \tag{6}$$

Compute the maximum service access value:

$$\text{Max-Access} = \mathrm{Max}(Nsa \ \forall\, Nsa \ \forall\, \mathit{Timewindow}) \tag{7}$$

Compute the minimum success completion:

$$\text{Min-Sc} = \mathrm{Min}(Nsc \ \forall\, Nsc \ \forall\, \mathit{Timewindow})$$

Compute the maximum success completion:

$$\text{Max-Sc} = \mathrm{Max}(Nsc \ \forall\, Nsc \ \forall\, \mathit{Timewindow}) \tag{8}$$

Similarly, N rules will be generated for the available services in the cloud.

Once the rules have been generated, the trust weight can be estimated at the time a user request is received, as follows:

B. Trust Weight Estimation:

The user may access the service a number of times according to his requirement. But the number of service accesses should be within a limit. Similarly, the number of successful completions should be over a threshold.

These two factors are considered for the estimation of the trust weight.

First, the total number of times the service has been accessed by the user is computed. It is estimated as follows:

Number of accesses by the user:

$$Unac = \sum_{i=1}^{\mathit{size}(Sl)} \big[\, Sl(i).\mathit{user} == \mathit{User} \,\big] \tag{9}$$

Number of successful completions:

$$UNsc = \sum_{i=1}^{\mathit{size}(Sl)} \big[\, Sl(i).\mathit{user} == \mathit{User} \ \&\&\ Sl(i).\mathit{status} == \mathit{success} \,\big] \tag{10}$$

Now the trust weight for the user is computed as follows.

Compute the average distance on service access:

$$Ads = \frac{\mathit{Dist}(R.\mathit{MinAccess},\, Unac) + \mathit{Dist}(R.\mathit{MaxAccess} - Unac)}{2} \tag{11}$$

Compute the average distance on service completion:

$$Adsc = \frac{\mathit{Dist}(R.\mathit{MinSc},\, UNsc) + \mathit{Dist}(R.\mathit{MaxSc} - UNsc)}{2} \tag{12}$$

Compute the trust weight:

$$Tw = \frac{Adsc}{Ads} \tag{13}$$

The computed trust weight is used to perform access restriction.

C. ETFL Access Restriction:

The access restriction in this approach is performed based on the fuzzy rule and the trust weight. The fuzzy rule is used to estimate the trust weight with the help of the available access logs. To perform access restriction, first the trust weight is computed using the previous algorithm. Once the trust weight is available, the access restriction can be performed with the support threshold as follows:

Receive the user request.
Identify the user and the service requested.
Generate the fuzzy rule.
Obtain the trust weight Tw for the user.
If Tw > Tsupport then
    Allow access.
Else
    Deny access.
End
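The rule generation of Section A, the trust weight of Section B and the decision of Section C, worked through on a small log, as an added example that is not the authors' implementation. Assumptions: Dist is the absolute difference (the paper does not define it), an undefined Tw (Ads = 0) is denied, and the log layout, user and service names and Tsupport = 1.0 are constructed.

```python
from collections import Counter

# Constructed sample traces: (user, service, time_window, status).
ACCESS_LOG = (
    [("alice", "billing", 1, "success")] * 2
    + [("mallory", "billing", 1, "incomplete")] * 3
    + [("alice", "billing", 2, "success"), ("alice", "invoice-export", 2, "success")]
    + [("mallory", "billing", 2, "incomplete")] * 4
    + [("alice", "billing", 3, "success")] * 2
    + [("mallory", "billing", 3, "incomplete")] * 2
    + [("bob", "hr-portal", 1, "success")]  # outside the service set, dropped by eq. (2)
)

def service_log(log, service_set):
    """Eq. (2): keep only traces whose service is in the service set Ss."""
    return [t for t in log if t[1] in service_set]

def generate_rule(sl):
    """Eqs. (3)-(8): per-window access and success counts, then their min/max."""
    nsa = Counter(w for _, _, w, _ in sl)                        # eq. (4)
    nsc = Counter(w for _, _, w, s in sl if s == "success")      # eq. (5)
    if not nsa:
        raise ValueError("no traces for this service set, no rule can be built")
    return {
        "MinAccess": min(nsa.values()), "MaxAccess": max(nsa.values()),
        "MinSc": min(nsc[w] for w in nsa), "MaxSc": max(nsc[w] for w in nsa),
    }

def dist(a, b):
    """Assumption: Dist is the absolute difference; the paper leaves it undefined."""
    return abs(a - b)

def trust_weight(rule, sl, user):
    """Eqs. (9)-(13). Returns None when Ads is 0 and Tw is undefined."""
    unac = sum(1 for u, _, _, _ in sl if u == user)                      # eq. (9)
    unsc = sum(1 for u, _, _, s in sl if u == user and s == "success")   # eq. (10)
    ads = (dist(rule["MinAccess"], unac) + dist(rule["MaxAccess"], unac)) / 2   # eq. (11)
    adsc = (dist(rule["MinSc"], unsc) + dist(rule["MaxSc"], unsc)) / 2          # eq. (12)
    return None if ads == 0 else adsc / ads                              # eq. (13)

def etfl_decide(log, user, service_set, t_support):
    """Section C: allow only if Tw > Tsupport; an undefined Tw is denied (assumption)."""
    sl = service_log(log, service_set)
    tw = trust_weight(generate_rule(sl), sl, user)
    return tw is not None and tw > t_support

if __name__ == "__main__":
    ss = {"billing", "invoice-export"}  # eq. (1): requested service plus related service
    for user in ("alice", "mallory", "bob"):
        print(user, "allow" if etfl_decide(ACCESS_LOG, user, ss, 1.0) else "deny")
```

With an unsigned Dist, a user with no successful completions still gets a non-zero Adsc, so the choice of Dist and of Tsupport should be validated against real access logs before the ratio is used for enforcement.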

IV. RESULTS AND DISCUSSION

The proposed ETFL model for access restriction scheme has been implemented and evaluated for its performance. The method has produced efficient results in different parameters considered.

Table 1. Details of Simulation

| Parameter | Value |
|---|---|
| Protocol | ETFL |
| Tool Used | Advance Java |
| Number of Services | 100 |
| Number of Attributes | 500 |

Table 1 shows the details of the simulation used to evaluate the performance of the proposed ETFL algorithm.

Table 2. Comparative Result on Access Restriction Performance

Access Restriction Performance %

| Method | 50 Services | 75 Services | 100 Services |
|---|---|---|---|
| PBAC | 81 | 85 | 89 |
| ETFL | 84 | 89 | 91.6 |

Table 2 presents the comparative result on access restriction performance produced by different methods on a varying number of services. The results show that the proposed ETFL algorithm is good.

Table 3. Comparative Result on Time Complexity

Time Complexity in seconds

| Techniques | 50 Services | 75 Services | 100 Services |
|---|---|---|---|
| PBAC | 56 | 65 | 76 |
| ETFL | 37 | 46 | 63 |

Table 3 presents the comparative result on time complexity produced by different methods on a varying number of services. The results show that the proposed ETFL algorithm has reduced time complexity for all the numbers of services considered.

Table 4. Comparative Result on Access Restriction Performance

Throughput Performance %

| Techniques | 50 Services | 75 Services | 100 Services |
|---|---|---|---|
| PBAC | 78 | 85 | 91 |
| ETFL | 81 | 87 | 92.3 |

Table 4 presents the comparative result on throughput performance produced by different methods on a varying number of services. The results show that the proposed ETFL algorithm has improved the throughput performance for all the numbers of services considered.

[Figure 2: bar chart titled "Access Restriction Performance"; y-axis "Access Restriction Performance %"; methods PBAC and ETFL; series 50 Services, 75 Services, 100 Services]

Fig. 2. Comparison on Access Restriction Performance

Figure 2 shows the comparative result on access restriction produced by different methods. The result shows that the proposed ETFL algorithm has produced higher access restriction performance than the other methods considered.

Fig. 3. Comparison on throughput performance

Figure 3 shows the comparison on throughput performance produced by different methods and shows that the proposed ETFL algorithm has produced higher throughput than other methods.

Fig. 4. Comparison on time complexity

Figure 4 shows the comparison on time complexity produced by different methods and shows clearly that the proposed ETFL algorithm has produced less time complexity than the others.

V. CONCLUSION

In this paper, an ETFL model for access restriction in the cloud environment has been presented. The method monitors the service access of the users and logs the different states and their status to the access trace. Using the available access trace, the method generates a fuzzy rule for different services. Using the generated rule and the service access of the user, the method estimates the trust weight. Based on the trust weight, the method restricts the user from illegal access. The method produces efficient results in access restriction up to 91.6% and throughput performance has been increased up to 92.3%. Also, the time complexity of access restriction has been hugely reduced.

VI. REFERENCES

[1] Abdul Fahad Rahman, Neethu V M, Ranjith T K, Radhika K, Ranjith Ashok, Nicy K S, "MACINTOS: Mutual Access Control in Trust Oriented Security Model in Cloud Computing", International Journal of Computer Trends and Technology, Vol. 28, October 2015, pp. 100-103.

[2] Atoosa Gholami and Mostafa Ghobaei Arani, Mahallat, Tehran, "A Trust model Based on Quality of Service in Cloud Computing Environment", International Journal of Database Theory and Application, Vol. 8, 2015, pp. 161-170.

[3] Bagher Rahimpourcami, Hamid Hassanpour, "A Reputation-Based Trust Model with Fuzzy Approach and Dp,q-Distance Technique for Peer-To-Peer Networks", International Journal of Computer Applications (0975-8887), Vol. 37, January 2012, pp. 41-44.

[4] Chenhao Qu and Rajkumar Buyya, "A Cloud Trust Evaluation System Using Hierarchical Fuzzy Inference System for Service Selection", IEEE 28th International Conference on Advanced Information Networking and Applications, 2014, pp. 850-857.

[5] Chunsheng Zhu, Hasen Nicanfar, Victor C.M. Leung, Laurence T. Yang, "An Authenticated Trust and Reputation Calculation and Management System for Cloud and Sensor Networks Integration", IEEE Transactions on Information Forensics and Security, Vol. 10, January 2015, pp. 118-131.

[6] Chandana. V. R, Radhika Govankop, Rashmi N and R. Bharathi, "GASBE: A Graded Attribute-Based Solution For Access Control in Cloud Computing", International Conference On Advances in Computer and Electrical Engineering, November 2012, pp. 79-81.

[7] Edna Dias Canedo, Rafael Timoteo de Sousa Junior, and Robson de Oliveira Albuquerque, "Trust Model For Reliable File Exchange In Cloud Computing", International Journal Of Computer Science & Information Technology (IJCSIT), Vol. 4, No. 1, Feb 2012, pp. 1-18.

[8] Fatima Zohra Filali, Belabbes Yagoubi, "Global Trust: A Trust Model for Cloud Service Selection", International Journal Computer Network And Information Security, April 2015, pp. 41-50.

[9] Guoyuan Lin, Yuyu Bie, Min Lei, "Trust Based Access Control Policy in Multi-domain of Cloud Computing", Journal Of Computers, Vol. 8, No. 5, May 2013, pp. 1357-1365.

[10] Harsh Saki, Jitendra Dangra, "TTSM: Trust Thershold Security Model For User Assured Security In Cloud Computing", International Journal Of Computer Applications, Volume 98, No. 13, July 2014, pp. 28-33.

[11] Jingwei Huang and David M Nicol, "Trust mechanisms for cloud computing", Journal of Cloud Computing, 2013, pp. 1-14.

[12] R. Josephmanoj and Dr. A. Chandrasekar, "A Literature Review On Trust Management In Web Services Access Control", International Journal On Web Service Computing, Vol. 4, No. 3, Sept 2013, pp. 1-19.

[13] R. Kalachelvi, Dr. L. Arockiam, "Enhanced User Access Control Architecture For Cloud Storage", International Journal Of Advanced Research In Computer Science And Soft Engineering, ISSN: 2277128X, Volume 4, March 2014, pp. 1111-1116.

[14] Kawser Wazed Nafi, Tonny Shekha Kar, Md. Amjad Hossain, M.M.A Hasem, "An Advanced Certain Trust Model Using Fuzzy Logic and Probabilistic Logic Theory", International Journal of Advanced Computer Science and Applications, Vol. 3, 2012, pp. 164-173.

[15] Manisha Sinha, Dr. Sanjay Silakari and Dr. Rajeev Pandey, "Trust Based Mechanism for Secure Cloud Computing Environment: A survey", International Journal of Engineering Science Invention, ISSN: 2319-6734, March 2016, pp. 17-23.

[16] Mauro Jose A. de Melo, Zair Abdelouahab, "A Study of Access Control In Cloud Computing Environment", International Journal of Computers And Technology, Vol. 3, Nov-Dec 2013, pp. 453-457.

[17] Mustapha Ben Saidi, Anas Abou Elkalam, Abderrahim Marzouk, "TOrBAC: A Trust Organization Based Access Control Model for Cloud Computing Systems", International Journal of Soft Computing and Engineering, ISSN: 2231-2307, Vol. 2, September 2012, pp. 122-130.

[18] J. Persis Jessintha, Dr. R. Anbu Selvi, "Aggrandizing Authorization by Enhancing Trust Using Fuzzy Logic In Cloud Computing", International Journal of Applied Engineering Research, ISSN: 0973-4562, Vol. 10, No. 82, 2015, pp. 538-542.

[19] Punithasurya K, Jeba Priya S, "Analysis of Different Access Control Mechanism in Cloud", International Journal of Applied Information System, ISSN: 2249-0868, pp. 34-39.

[20] M V Rajesh, Soma Sekhar T and Siva Rama Krishna T, "Enhanced Secure Data Access Model for Public Clouds", International Journal for Research in Science and Advanced Technologies, ISSN: 2319-2690, Vol. 1, Jul-Aug 2012, pp. 39-45.

[21] Reeja S L, "Role Based Access Control Machanism In Cloud Computing Using Co-Operative Secondary Authorization Recycling Method", International Journal of Emerging Technology and Advanced Engineering, ISSN: 2250-2459, Vol. 2, October 2012, pp. 444-450.

[22] B. Srinivasa Rao, "A Framework for Predicate Based Access Control Policies in Infrastructure as a Service Cloud", Int. Journal of Engineering Research and Applications, Vol. 6, Issue 2, (Part - 6), February 2016, pp. 36-44.
