الفهرس 
Enhancing Access Control Management for Cloud Data Storage
AbstractOnly 14 pages are availabe for public view
 |  | from | 124 |  |  |
| | | from | 124 | | |
Abstract
Cloud computing and data explosion are two recent phenomena which cause widespread of collaborative applications. Different organizations or different departments inside the same organization can collaborate together and share their resources and services over the same cloud environment. However, the main challenge of that collaboration is that every organization needs to control the access to its resources and services. Usually, Role-Based Access Control (RBAC) model is commonly used and deployed in authorization cloud services. On the other hand, the RBAC rules of all collaborating organizations are centrally stored by a trusted authorization service provider.
This thesis addresses the scalability problem of the online stored rules, which are the set of rules that are searched and checked with every authorization request at run time. This problem affects the performance of the access control system due to increasing number of the shared resources and number of collaborating organizations.
The work in this thesis introduces comparative studies to address the effect of collaboration degree on the performance of the RBAC system using Role-to-Object mapping model compared to Role-to-Role mapping model with different Role-Mapping algorithms. Also, it introduces formal definition of two different Role-Mapping algorithms and evaluates them by performing experiments.
The comparative results prove that, in Role-to-Object model, the online Rule-Store size increases quadratically with increasing number of shared resources specially, in highly-collaborative environments. In Role-to-Role model, the experiments show that it reduces the online Rule-Store size, but it has a limitation of the authorization request’s response time.
One of our contributions is applying Single-Program Multiple-Data (SPMD) Concurrent Approach on the Role-to-Role mapping model to overcome its limitation. This approach is introduced using three different techniques to obtain the best one which improves the authorization request’s response time. The experimental evaluation of the proposed approach shows that the authorization response time is reduced, and the online Rule-Store size is also reduced in all simulated levels of collaboration.