Context-Aware Access Control Model for Cloud Computing

In view of malicious insider attacks on cloud computing environments, a new ContextAware Access Control Model for cloud computing (CAACM) was presented. According to the characteristic of cloud computing, we take spatial state, temporal state and platform trust level as context. The model establishes mechanisms of authorization from cloud management role to objects, which enables dynamic activation of role permission by associating cloud management role with context. It also achieves fine-grained access control on cloud objects by supervising the permission of management role in full life cycle. Moreover, it introduces the concept of exclusive managerial role, which extends access control from static protection on resources to dynamic authorization on managerial roles. Further, it describes the approach of role permission activation systematically. CAACM formally proves to be safe and it lays the groundwork for the deployment of CAACM in cloud computing systems.