A Novel Role-based Access Control Model in Cloud Environments

In Cloud environments, the relationship between resources and users is more ad hoc and dynamic. The role-based access control (RBAC) model is an appropriate access control model for Cloud environments. When using the RBAC model in Cloud environments, some new elements should be considered. This paper proposes a SAT-RBAC model (security and availability based trust relationship in RBAC) and adopts the following elements as the main factors of a trust relationship: the security state and network availability of the host used by a user, the protection state of the service providers that are related to the role. A security-based scheduling model for Cloud environments is presented. Because of the uncertainty of Cloud environments, the trust relationship is divided into three zones: the unbelievable zone, the probable believable zone and the believable zone. Bayesian method is used to estimate the trust probability distribution in the probable believable zone. This paper also provides algorithms to evaluate the values of the main elements of a trust relationship. Finally, the experiments in simulated Cloud environment based on CloudSim in PlanetLab are discussed and the results prove that the SAT-RBAC model is effective in filtering abnormal behaviors in Cloud environments.