P. Sun, Journal of Network and Computer Applications 160 (2020) 102642
Table 1. Contrast of several survey papers.
| Article | Year | Application | Technology | Compare complexity | Review |
|---|---|---|---|---|---|
| Ours | 2019 | Cloud computing | Access control, encryption, trust | Yes | Yes |
| Xiao and Xiao (2013) | 2013 | Cloud computing | Trust, encryption | No | No |
| Johanna and Tanja (2017) | 2017 | Cloud computing | Secret communication | No | Yes |
| Shekha and Khandakar (2019) | 2015 | Cloud medical | Encryption, EHR, non-encryption | No | Yes |
| Zhang and Xue (2018) | 2019 | Healthcare cloud | Searchable encryption | Yes | Yes |
| Liu and Yan (2019) | 2019 | Edge computing | Encryption | Yes | Yes |
| Tara and Maede (2019) | 2019 | Blockchain | Access control, PKI | No | Yes |
| Ni and Zhang (2018) | 2019 | IoT, fog computing | Access control, authentication | No | Yes |
● We discuss the privacy security risks of cloud computing and propose
a comprehensive privacy protection framework.
● We analyze the characteristics of several access control models and
highlight their advantages and disadvantages based on various
factors.
● We summarize the algorithm flow and development of ABE, and
discuss several important achievements in cloud privacy protection,
such as fine-grained, revocation mechanism, multi-authority, trace
mechanism, proxy re-encryption and hierarchical encryption.
● We discuss and compare two searchable encryption schemes, namely
searchable asymmetric encryption (SAE) and searchable symmetric
encryption (SSE).
● We discuss and analyze the integration technology scheme of access
control, trust and encryption and discuss the challenges and future
research directions.
The organization of this article is arranged as follows: In section 2, we
describe the risk of privacy security in cloud computing and propose a
comprehensive framework. In section 3, we discuss the characteristics
and future direction of access control. In section 4, we discuss several
ABEs, such as the fine-grain, multi-authority, revocation mechanism;
trace mechanism; proxy re-encryption and hierarchical encryption. In
section 5, we analyze two searchable encryption schemes of cloud
computing for several conditions. In section 6, we analyze the integration
of access control, trust and encryption to implement privacy protection.
In section 7, we discuss privacy security issues and future directions of
cloud computing. In section 8, we consider that privacy protection needs
not only technology but also corresponding laws. To understand this
paper, a structural framework is given in Fig. 2.
2. Privacy security of cloud computing
The structural characteristics of the cloud computing environment are
the main causes of security problems. First, the nodes involved in
computing are diverse, sparsely distributed and often unable to be
effectively controlled. Second, the cloud service provider (CSP) has the
risk of disclosing privacy in the process of transmission, processing and
storage. Because cloud computing is based on technology, the security
vulnerabilities of existing technologies will be directly transferred to a
cloud computing platform and have even greater security threats.
Fig. 2. Organization framework of this paper.
2.1. Privacy security risk
From information security, network security to cloud computing security,
the constant requirement of security is the confidentiality and privacy
protection of information. According to the annual report of the Cloud
Security Alliance (CSA) and the research results of relevant scholars in
literature, we can conclude several threats to privacy security risk
(Fig. 3) (Reza and Satyajayant, 2018).
(1) Privacy data security: Due to the service outsourcing mode, the
security risk of cloud privacy, such as data disclosure, privacy
disclosure, access rights management, and data destruction difficulties,
is particularly prominent.
(2) Access control and identity authentication: Cloud computing involves
massive resources; the management complexity of access control and
identity authentication expands dramatically.
(3) Virtualization security: Although service providers have designed and
implemented isolation strategies for virtual machines, the attacks among
virtual machines cannot be completely avoided; virtual machine migration
will also produce changes in the security domain.
(4) Multi-tenant and cross-domain sharing: Multi-tenant isolation and
multi-user security need to be guaranteed. Cross-domain sharing makes
service authorization and access control more complex, and trust transfer
between two cloud computing entities needs to be reexamined.
(5) Advanced Persistent Threat (APT): APT is a planned intrusion and
attack on a cloud computing system that has formed some underground
interest chains.
(6) System security vulnerability: Due to the complexity of a cloud
computing system, many service providers have different management and
service levels, so security vulnerabilities will increase the danger in
the cloud.
(7) Insider threat: The unintentional or intentional information leakage
of the service provider's insiders often makes the security policy
invalid, which has become an important issue of cloud computing security.
(8) Wrong application of cloud service: The misuse of cloud computing
will cause troubles for users, service providers or third parties, and
the illegal use of cloud service will cause serious consequences.
(9) Service availability: Many security events are manifested as the
unavailability of cloud computing services, and denial of service attacks
have become an important security target for cloud service providers.
Fig. 3. Privacy security risk in cloud computing.
2.2. Privacy protection framework
Due to the higher resource concentration and architecture complexity of a
cloud computing system, these security issues pose a greater threat to
the cloud computing system (Sun, 2019a, 2019b, RajaniKanth and Lakshmi,
2015). In a complex situation, this paper proposes a comprehensive cloud
computing privacy protection security system based on a variety of
technologies, such as access control, trust, attribute-based encryption,
search encryption and other technologies, as shown in Fig. 4.
In the infrastructure layer, physical isolation and corresponding policy
management rules are generally employed. In the platform layer and
software application layer, encryption, trust and privacy policies are
mostly applied. Of course, these technologies do not have strict
application restrictions but need specific analysis.
Fig. 4. Privacy protection framework of cloud computing system.
3. Access control in cloud computing
In the era of cloud computing, both the computing and storage modes have
changed substantially, which creates new challenges for access control
research: how to develop traditional access control technology to solve
new cloud computing security problems (Reza and Satyajayant, 2018).
3.1. Traditional access control
Access control has an important role in: (1) preventing illegal users
from accessing information resources; (2) allowing legal users to access
information resources; and (3) preventing legal users from accessing
information resources (RajaniKanth and Lakshmi, 2015). In cloud
computing, according to the different functions of the access control
model, the research content and methods are also different (Sun, 2019a,
2019b). With the continuous development of network technology,
researchers have proposed many extended models, such as discretionary
access control (DAC), mandatory access control (MAC), role based access
control (RBAC, Fig. 5) (Ferraiolo et al., 2001), attribute based access
control (ABAC, Fig. 6), reference monitoring access control (RMAC), task
based access control (TBAC), and usage control (UCON, Fig. 7). These
models can solve the problem of access control in a system from different
levels and ensure the legitimacy, security and controllability of
information access (Fig. 8).
To analyze and compare the capability, performance and security of
each access control model more intuitively and concisely, we give 13
factors: security, confidentiality, flexibility, minimum privilege, duty
separation, description ability, granularity control, constraint
description, dynamics, compatibility, expansibility, management difficulty and
modeling difficulty. In Table 2, the symbol "√" indicates that the factor
has suitable performance, and the symbol "-" indicates that the factor is
poor or does not have index characteristics.
Fig. 6. Basic ABAC model.
3.2. Discussion of access control
According to the characteristics and specific needs of cloud
computing, an excellent access control mechanism must be flexible,
scalable and network independent (Ning and Elisa, 2013). We suggest
that the future access control technology in cloud computing should
focus on the following aspects:
(1) Research on access control based on virtualization technology.
Virtual machines of different organizations or departments often run on
the same physical host. Although virtual technology has excellent
isolation, communication among virtual machines is necessary in many
applications, and the frequent interaction among virtual machines
introduces new security challenges.
(2) Research on the impact of virtual machine dynamic migration on
access control. With the migration of a virtual machine, the policy
cannot be changed; if it is virtual machine storage, the data are
likely to be migrated to other networks, and the access rights may
also change. Therefore, how to manage the impact of network and
permission changes on data access control is very important.
(3) Research on access control based on information resource
attributes. The traditional access control model can be better combined
with cloud computing, which greatly reduces problems that may occur in
the access control process of various resources, and conforms to the
real model of cloud computing.
(4) Research on access control model of space-time awareness. When
the cloud computing environment is expanded to a certain scale,
the user's location is very important, which can determine what
kind of resources the user can obtain, and the user can be judged
by location information.
(5) Research on access control technology based on trust relationship.
With the development of research on the trust model, the trust
relationship among the data provider, cloud platform and user in a
cloud computing system is different.
(6) Research and implement a cross-domain, cross group, hierarchical
dynamic fine-grained access control system. Many problems exist in
cross-domain access control, such as unauthorized access, access
conflict, key management, policy management, and attribute
management.
Fig. 7. Basic UCON model.
Fig. 8. Relationship of multiple access control models.
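The directions in items (2) to (5) above (re-checking access after migration, resource attributes, location and time awareness, and trust) can be combined in one default-deny decision function. The following is an added example, not code from the paper; the attribute names, the trust scale, the policy values and the helpers decide and migrate are all hypothetical.

```python
from dataclasses import dataclass, replace
from datetime import time

@dataclass(frozen=True)
class Subject:
    org: str
    region: str    # location the request originates from
    trust: float   # trust score in [0, 1]; the scale is an assumption

@dataclass(frozen=True)
class Resource:
    owner_org: str
    sensitivity: str   # label attached to the data
    domain: str        # security domain of the host currently holding it

# Constructed policy: requirements per sensitivity label (all values hypothetical).
POLICY = {
    "internal": {"min_trust": 0.5, "regions": {"eu", "us"},
                 "domains": {"corp", "partner"}, "hours": (time.min, time.max)},
    "restricted": {"min_trust": 0.8, "regions": {"eu"},
                   "domains": {"corp"}, "hours": (time(8), time(18))},
}

def decide(subject, resource, now):
    """Return (allowed, reason); deny unless every attribute check passes."""
    rule = POLICY.get(resource.sensitivity)
    if rule is None:
        return False, "no rule for sensitivity"
    start, end = rule["hours"]
    checks = [
        (subject.org == resource.owner_org, "cross-organisation access"),
        (subject.trust >= rule["min_trust"], "trust below threshold"),
        (subject.region in rule["regions"], "location not permitted"),
        (resource.domain in rule["domains"], "resource outside permitted domain"),
        (start <= now <= end, "outside permitted hours"),
    ]
    for passed, reason in checks:
        if not passed:
            return False, reason
    return True, "all attribute checks passed"

def migrate(resource, new_domain):
    """Model a VM or storage migration: only the hosting domain changes."""
    return replace(resource, domain=new_domain)

if __name__ == "__main__":
    alice = Subject("acme", "eu", 0.9)
    doc = Resource("acme", "restricted", "corp")
    print(decide(alice, doc, time(10)))                      # evaluated before migration
    print(decide(alice, migrate(doc, "partner"), time(10)))  # re-evaluated afterwards
```

The policy text is identical in both calls; the decision changes only because the resource's domain attribute changed, which is why a decision cached before a migration has to be re-evaluated.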
Fig. 5. Basic RBAC model.
Many cloud access control schemes have different descriptions of
rules, which cannot satisfy the application requirements due to many