Role-based Access Control Using Ontology in Cloud Storage

With the development of cloud computing, and as the basis of data services, security problems of cloud storage are growing more attention. Based on distributed storage, multidomain and multi-tenant characteristics, combined with access control technologies, this paper sets up the Role-based Access Control using Ontology and domians in Cloud Storage (DOnto_RBAC), which could provide a concise and effective strategy for service providers (isps). According to the characteristics of access control in cloud storage, based on the standards (called CDMI), this paper adds Domains and Time constraints of roles into RBAC. With ontology technologies and the OWL language, this paper establishes ontology model including entities’ descriptions and strategies to realize reasoning of multi-domain access control permissions. We realized our system through Python and established Restful APIs. Experiments in campus-level cloud storage called Swift showed that, using requests with Restful format commands, DOnto_RBAC was proved to be effective to manage distributed and multi-domain data in cloud storage.