Achieving Efficient Access Control via XACML Policy in Cloud Computing

2015 
One primary challenge of applying access control methods in cloud computing is to ensure data security while supporting access efficiency, particularly when adopting multiple access control policies. Many existing works attempt to propose suitable frameworks and schemes to solve these problems; however, these proposals satisfy only specified use cases. In this paper, we take XACML as the policy language and build up a logical model. Based on this, we introduce the fine-grained data fragment algorithm to optimize the policies, whose resource property represents physically meaningful data blocks. Data are organized in a tree structure, where each leaf node represents a minimal physically meaningful data block, and internal nodes are combined data types. This method can eliminate conflicts and redundancies among rules and policies, thereby refining the policy set and achieving fine-grained access control. Our approach can also be applied to processing multiple types of data, and experiments are carried out to show the improvement in efficiency.

Keywords: Access control; Policy optimization; Data fragment; XACML; cloud computing
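The idea in the abstract, as an added sketch that is not the paper's algorithm or code: rules written against internal nodes of a resource tree are expanded to the leaf blocks they cover, which makes overlaps between rules directly comparable. The tree, subjects, rule ids and the use of XACML's deny-overrides combining to settle conflicts are all assumptions made for this illustration.

```python
from itertools import combinations

# Constructed resource tree (hypothetical names): internal nodes are
# combined data types, nodes without children are minimal data blocks.
TREE = {
    "record": ["identity", "clinical"],
    "identity": ["name", "ssn"],
    "clinical": ["diagnosis", "prescription"],
}

def leaves(node):
    """Expand a resource node into the set of leaf blocks it covers."""
    children = TREE.get(node)
    if not children:
        return frozenset([node])
    return frozenset().union(*(leaves(c) for c in children))

def analyse(rules):
    """rules: (rule_id, subject, resource, effect) tuples.
    Returns (conflicts, redundant) found by comparing leaf coverage."""
    expanded = [(rid, s, leaves(res), eff) for rid, s, res, eff in rules]
    conflicts, redundant = [], []
    for (a, sa, la, ea), (b, sb, lb, eb) in combinations(expanded, 2):
        overlap = la & lb
        if sa != sb or not overlap:
            continue                      # rules never meet on a leaf
        if ea != eb:
            conflicts.append((a, b, sorted(overlap)))
        elif lb <= la:
            redundant.append((b, a))      # b adds nothing beyond a
        elif la <= lb:
            redundant.append((a, b))
    return conflicts, redundant

def refine(rules):
    """Per-leaf decision table; conflicts settled with deny-overrides
    (an assumption here, the abstract does not name a strategy)."""
    table = {}
    for _rid, subject, res, effect in rules:
        for leaf in leaves(res):
            if table.get((subject, leaf)) != "Deny":
                table[(subject, leaf)] = effect
    return table

# Constructed sample policy.
RULES = [
    ("r1", "doctor", "record", "Permit"),
    ("r2", "doctor", "clinical", "Permit"),
    ("r3", "doctor", "ssn", "Deny"),
    ("r4", "nurse", "diagnosis", "Permit"),
]
```

Once every rule is expressed over leaves, a decision for any (subject, block) pair is a single lookup in the refined table rather than an evaluation of every rule that might apply.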