Title: A risk adaptive access control model based on Markov for big data in the cloud

Authors: Hongfa Ding; Changgen Peng; Youliang Tian; Shuwen Xiang

Addresses: College of Mathematics and Statistics, Guizhou University, China; College of Information, Guizhou University of Finances and Economics, Guiyang, Guizhou Province, China ' Guizhou Provincial Key Laboratory of Public Big Data, Guizhou University, China; College of Computer Science and Technology, Guizhou University, China; Institute of Cryptography and Data Security, Guizhou University, China; Guizhou Provincial Engineering and Technology Research Centre of Cyber Data Security (Guizhou Yulinwei Information Technology LLC), Guiyang, Guizhou Province, China ' College of Computer Science and Technology, Guizhou University, China; Institute of Cryptography and Data Security, Guizhou University, China; Guizhou Provincial Key Laboratory of Public Big Data, Guizhou University, Guiyang, Guizhou Province, China ' College of Mathematics and Statistics, Guizhou University, Guiyang, Guizhou Province, China

Abstract: The main problems of the application of access control in the cloud are the necessary flexibility and scalability to support a large number of users and resources in a dynamic and heterogeneous environment, with collaboration and information sharing needs. This paper proposes a risk self-adaptive dynamic access control model, based on Markov chain and Shannon information theory, for big data that stored and processed by cloud. In this model, a simple formal adversary model, a modification of XACML framework including some new and enhanced components, Markov-based methods for calculating the risk values of access requests, and an incentive mechanism for supervising all the access behaviours of subjects are proposed, successively. Our method is easy to deploy and the administrator just need to label the object data. This method is more effective and suitable to control the access in large-scale information system, and protect the sensitive and privacy data.

Keywords: risk-based access control; privacy protection; risk management; cloud computing.

DOI: 10.1504/IJHPCN.2019.099269

International Journal of High Performance Computing and Networking, 2019 Vol.13 No.4, pp.464 - 475

Received: 16 Jun 2016
Accepted: 15 Nov 2016

Published online: 16 Apr 2019 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article