Adaptive Access Control Mechanism (AACM) for Enterprise Cloud Computing

Abstract

Enterprise cloud computing provides various services to enterprises, but access to these services is controlled by a firewall. The firewall determines the actions and operations a legitimate user can perform on the available resources. Access control policies allow or restrict access to resources, and they also keep a record of attempted access. In the role-based access control model, access to resources is based on a user's role in the enterprise. As resources are limited, the policy manager has to create policies that optimize resource availability to different roles to improve overall resource utilization. However, this optimization is challenging without prior knowledge of user behaviour and resource requirements for each role. Due to insufficient knowledge, some resources may be available to the wrong roles, while others may be required by other roles but are inaccessible. This results in decreased resource utilization, requiring the redefinition of access control policies with optimal resource availability. The optimal allocation of resources can be achieved by analyzing user behaviour under different roles. The study proposes a novel method for access control that utilizes role profiling and redefines access control policies for different roles to optimize resource availability. Formal methods are employed to ensure accurate system behaviour in software and hardware systems. Formal specifications provide a high-level representation of system behaviour and characteristics. This paper proposes formal specifications using the "Z"language to ensure accurate system behaviour in access control mechanisms. The proposed mechanism is implemented in a simulated environment and validated using four variants of the recommender approach. The study concludes that the proposed mechanism consistently enhances operational capability, minimizing over- and under-allocation of resources to roles and improving overall resource utilization within the enterprise. The proposed method is beneficial in dynamic environments where the system must adapt to evolving scenarios.